VulnerabilIty Management Guide

VulnerabilIty-Management-Guide

When discussing vulnerabilities, we are discussing the feature or condition that, if exploited by a threat (natural or man-made), renders an entity (i.e., an entire organization or any of its constituent parts) susceptible to a risk. The CRR focuses on a specific critical service of the organization. Each aspect of the service is discussed in terms of the various assets that support the service. A vulnerability in the service is a result of a vulnerability in one or more of its assets. Assets are divided into the categories of people, information, technology, and facilities.

Distribution Statement A: Approved for Public Release; Distribution is Unlimited 5 Vulnerability management is a key component in planning for and determining the appropriate implementation of controls and the management of risk. It is reasonable to say that vulnerability management is central to
cyber resilience. The topics of the other CRR domains provide information about vulnerable conditions (Asset Management, Configuration and Change Management, External Dependencies Management, and Situational Awareness) or provide for a response to the vulnerable conditions (Controls Management, Incident Management, Service Continuity Management, Risk Management, and Training and Awareness).
Vulnerability management assures that the organization understands its weaknesses so that it can plan
accordingly.

Exploitation of a vulnerability by a threat results in a risk to the organization. Expanding the discussion from what are the vulnerabilities to how vulnerable is the organization to disruption or what is the impact of exploiting this vulnerability moves beyond the domain of vulnerability management into a discussion of risk management. It is in risk management that we seek to quantify the impact of a realized hazard. This context is discussed more completely in the Risk Management Resource Guide, Volume 7 of this series. An organization’s resolution of vulnerabilities and its disposition of risk overlap to a large degree. This resource guide will discuss aspects of risk management as required to clarify the analysis, categorization, and resolution of vulnerabilities.

VulnerabilIty-Management-GuideDownload
Facebook
Twitter
LinkedIn
Pinterest
Constanza Rodriguez

Constanza Rodriguez

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

DevSecOps Beginner´s Guide to Security applied to DevOps by isms forum
DevSecOps Beginner´s Guide to Security applied to DevOps by isms forum
Red Team Security Open Source Toolkit
Red Team Security Open Source Toolkit
Good practices for security OIT by enisa
Good practices for security OIT by enisa
The four main solutions for a Zero Trust approach
The four main solutions for a Zero Trust approach
Hacking Tools Cheat Sheet by Compass Security
Hacking Tools Cheat Sheet by Compass Security
Five Automation Use Cases for Splunk SOAR by Splunk – Alert Enrichment , Phishing Investigation & Response, Endpoint Malware Triage, Command & Control Investigation & Containment, Threat Intelligence.
Five Automation Use Cases for Splunk SOAR by Splunk – Alert Enrichment , Phishing Investigation...
Mitre Attack Mapping – 2023
Mitre Attack Mapping – 2023
Threat Hunting Framework by Cyborg Security
Threat Hunting Framework by Cyborg Security
Libro Ciberseguridad – Una estrategia Informatica-Militar by Alejandro Corletti Estrada – darfE.es
Libro Ciberseguridad – Una estrategia Informatica-Militar by Alejandro Corletti Estrada – darfE.es
Cybersecurity in the C-suite and Boardroom by Jon Oltsik – Enterprise Strategy Group (ESG)
Cybersecurity in the C-suite and Boardroom by Jon Oltsik – Enterprise Strategy Group (ESG)