What is vulnerability management?
In information technology, vulnerability management describes the process of identifying and preventing potential threats arising from vulnerabilities that could compromise the integrity of systems, interfaces and data. Different organizations divide the management process into a number of steps, and the components of the process may vary. Regardless of such variation, these steps usually comprise the following: policy definition, environment establishment, prioritization, action and vigilance. Following each step provides information technology managers and security analysts with a basic methodology that can effectively identify threats and vulnerabilities, while defining actions to mitigate potential damage. The objective of the management process is to understand these potential threats before they can exploit vulnerabilities in both the systems and the processes involved in accessing those systems or the data contained therein.
Policy definition concerns determining what security levels are required for systems and data throughout the organization. After determining these security levels, the organization then has to determine the levels of access to and control of systems and data, so that these levels accurately map to the organization's needs and hierarchy. Thereafter, accurate evaluation of the security environment against the established policies is essential for effective vulnerability management. This includes testing the state of security, evaluating it accurately, and identifying and monitoring cases of policy violation.
After identifying vulnerabilities and threats, the vulnerability management process must accurately prioritize those threats relative to the extent and state of security. Part of this process is assigning risk factors to each identified vulnerability. Prioritizing these factors according to the risk each one poses to the information technology environment and the organization is necessary to prevent disaster. After prioritization, the organization must take action against these vulnerabilities, whether that involves removing code, changing established policies, strengthening such policies, updating software or installing security patches.
Continuous monitoring and ongoing vulnerability management are necessary for organizational security, especially for organizations that rely heavily on information technology. New vulnerabilities emerge almost daily, with threats from different sources, both internal and external, that seek to exploit information technology systems to gain unauthorized access to data or even launch an attack. Therefore, to mitigate potential damage from these threats and vulnerabilities, continued maintenance and monitoring of the vulnerability management process is essential. IT policies and security requirements must evolve to reflect organizational needs, and this requires ongoing evaluation to ensure that they remain in line with both the needs and the mission of the organization.