What is vulnerability management and how do you enforce it in your organization? If you ask security experts, most would respond the following way: it is a list of vulnerabilities on an operating system or application that need to be patched with the latest security updates. And, for the most part, they would be correct, but true vulnerability management (VM) is significantly more.
Wikipedia defines vulnerability management as “the cyclical practice of identifying, classifying, prioritizing, remediating and mitigating software vulnerabilities.” It goes on, stating, “it is integral to computer security and network security, and must not be confused with vulnerability assessment.” Although true, I argue that the scope should be larger and that true VM also requires a focus on the weaknesses that involve people, processes and business relationships, as well as technology.