Vulnerability Management is the ongoing process of identifying assets and their vulnerabilities, assessing the associated risk, prioritising remediation, and verifying the resulting improvements. A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005).
While no doubt an important part of an organisation’s security, Vulnerability Management is not straightforward to implement. Key questions that will help put you on the right track are:
- What is the goal of your Vulnerability Management programme?
- What is your organisation’s risk appetite? How is it defined and disseminated?
- What are the metrics to track progress and recognise success?
CogSec Ltd works with all business stakeholders to clarify the goals, metrics and success of your VM programme. This applies to existing programmes that have been in place for some time but are in need of a refresh, just as much as to organisations which are new to Vulnerability Management.