Introduction to Vulnerability Management
- Vulnerability Management Fundamentals
- Common Vulnerabilities and Exposure
- CVSS Scoring
- Vulnerability Scanners
Vulnerability Management Process
- Rational for a Vulnerability Management Program
- Roles and Responsibilities
- Vulnerability Management Lifecycle
Discover: Asset Discovery & Categorization
- Authoritative Asset Inventory
- Asset Classification (Criticality, Sensitivity, Network Zones, Regulatory requirement)
- Asset Groups and tags
- 3rd party applications, ports & Services
- Exclusions
Assess: Vulnerability Identification and Assessment
- Vulnerability Scanning
- Vulnerability Scan result and Report
- Vulnerability Ranking/ Scoring
Fix: Remediation Planning and Implementation
- Remediation Prioritization
- Vulnerability Notification & Tracking
- Remediation Implementation
Remediation Validation
- Rescanning and assessment
- Update & Purge Assets
- Work group collaboration
Vulnerability Monitoring
- Vulnerability Metrics
- Dashboards and Scorecards
- Exceptions and Risk Register
- False Positive
Vulnerability Management Operational activity
- Scan Tool Life Cycle Management & Optimization
- Scan Scheduling
- Operational Calendar
- Monthly Cadence Meetings
- Audit Response
- Change Management