Photo by Fancycrave on Unsplash

Vulnerability assessment best practices for enterprises

Measure Twice, Cut Once

Article from ADMIN 46/2018
By
A vulnerability assessment is an important step toward protecting an organization's critical IT assets.

To understand how you can protect an organization's information technology properly through the use of a vulnerability assessment (VA), it is important to frame how you define a VA. For the context of this discussion, a VA is the process of identifying and quantifying vulnerabilities within a system. It can be applied to many different types of systems, such as a home security alarm, a nuclear power plant, a military outpost, or a corporate computer environment. A VA is different from a risk assessment, even though the two sometimes overlap.

VAs are concerned with the identification of vulnerabilities, the possibilities of reducing those vulnerabilities, and the improvement of the capacity to manage future incidents. In this article, I focus primarily on VA as it pertains to information technology infrastructures. Many times, an information technology VA can be conducted in conjunction with or overlapping a physical security VA. For the discussion here, I deal with information technology VAs only.

Preparation and Execution

A VA is a critical process that should be followed in any organization as a way to identify, assess, and respond to new vulnerabilities before they can be exploited by an external or internal threat. Generally, the assessing organization will perform a few common steps – outlined here and discussed in this article – when conducting a VA project for another organization:

  1. Obtain written approval from the organization for which you are conducting the VA.
  2. Find and document which information systems within the organization will be part of the VA and, just as importantly, which information systems will not be included.
  3. Define what tools, processes, and steps will take place before, during, and after the VA is conducted.
  4. Determine when the VA will occur
...
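The approval, scoping, and scheduling steps above lend themselves to a pre-flight check that runs before any scanner is pointed at a network. The following Python is an added example, not code from the article or from ADMIN Magazine: it encodes a constructed, hypothetical authorization record (written sign-off, documented in-scope and excluded networks, an agreed assessment window) and rejects any target that falls outside it. All names, addresses, and dates in it are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class Authorization:
    """What the assessing organization has agreed in writing before the VA starts."""
    approved_by: str          # step 1: written approval (empty string = none on file)
    in_scope: list            # step 2: networks that are part of the VA
    excluded: list            # step 2: systems explicitly NOT part of the VA
    window_start: datetime    # step 4: agreed assessment window
    window_end: datetime


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def check_target(auth, target, when):
    """Return (allowed, reason) for assessing `target` at time `when`.

    Exclusions are tested before inclusions so that an excluded host inside
    an in-scope network is still rejected.
    """
    if not auth.approved_by:
        return False, "no written approval on file"
    if not (auth.window_start <= when <= auth.window_end):
        return False, "outside the agreed assessment window"
    try:
        addr = ip_address(target)
    except ValueError:
        return False, "not a valid IP address"
    if _in_any(addr, auth.excluded):
        return False, "explicitly excluded from scope"
    if not _in_any(addr, auth.in_scope):
        return False, "not in documented scope"
    return True, "authorized"


def filter_targets(auth, targets, when):
    """Split a candidate list into authorized targets and rejected ones with reasons."""
    allowed, rejected = [], {}
    for target in targets:
        ok, why = check_target(auth, target, when)
        if ok:
            allowed.append(target)
        else:
            rejected[target] = why
    return allowed, rejected


# Constructed sample authorization (hypothetical values, not from the article).
SAMPLE_AUTH = Authorization(
    approved_by="CIO sign-off, 2018-05-01 (constructed)",
    in_scope=[ip_network("10.10.0.0/16"), ip_network("192.0.2.0/24")],
    excluded=[ip_network("10.10.5.0/24"), ip_network("192.0.2.10/32")],
    window_start=datetime(2018, 6, 2, 22, 0),
    window_end=datetime(2018, 6, 3, 6, 0),
)
```

Running the list of candidate hosts through `filter_targets` before launching a scanner turns steps 1, 2, and 4 into an enforced gate rather than a checklist item.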