By IT Brew Staff
less than 3 min read
Definition:
When done correctly, vulnerability management is a continuous process of discovering, managing, and resolving cybersecurity vulnerabilities within an organization’s IT infrastructure, including its software.
Vulnerability management involves several steps, including:
- Discovery. This involves cybersecurity experts and other IT pros taking an inventory of all assets within the IT stack with an eye toward evaluating vulnerabilities. The team may also establish timelines for regularly scanning the network, penetration testing, and other detection efforts.
- Prioritization/assessment. Once the discovery process is complete, cybersecurity experts prioritize vulnerabilities by criticality. This can help the team decide which vulnerabilities to squash first.
- Remediation. This can include software patches, replacing outdated hardware, and more. Depending on the time and resources available, the team may decide to leave certain vulnerabilities unaddressed, especially if they are low priority or associated with devices that aren’t connected to anything critical.
- Reassessment/verification. Teams reevaluate their systems after remediation to ensure that vulnerabilities have been dealt with.
- Reporting. Teams then produce reporting (such as dashboards with key metrics) that will inform other stakeholders throughout the organization about the current state of vulnerability management.
Vulnerability management can lead to an improved cybersecurity posture for an organization, such as better centralized reporting on cybersecurity issues.
