8 Elements of Complete Vulnerability Management



Source: NTT America
Date: November 2009
Type: White Paper

Overview: Vulnerabilities are like fish in the sea. We can identify the different species and explore their individual varieties but there will always be others to discover. On average, 20 new vulnerabilities are found each day across equipment vendors, operating systems, and software applications.

All companies should be implementing a comprehensive vulnerability management program, one that includes vulnerability detection, external and internal vulnerability assessments, frequency, application testing, policy scanning, remediation, and configuration. Conducting a vulnerability scan is useful in identifying exploitable operating systems, services, and applications both inside and outside of a network.

External vulnerability assessments have always been considered the most critical because Internet-accessible devices are the most exposed to attackers. However, hackers have also developed methods that exploit vulnerabilities in systems residing on the internal network, which means organizations must now test for vulnerabilities more frequently than they have in the past.

It is recommended that external vulnerability scans be run weekly for optimum security and monthly for best practice. Internal scans can be run less frequently: monthly for optimum security and quarterly for best practice. Administering secure application and policy testing is also recommended. All of this information must then be passed on to an IT administrator, who can remediate identified security weaknesses and correct misconfigurations as quickly as possible.
