How to Build a Vulnerability Management Framework

Presented by Coalfire

Vulnerability management is defined as the process of identifying vulnerabilities in information systems and quantifying them based on risk. It is critical for maintaining secure information systems and has become an essential part of information security programs for companies of all sizes. It’s also a requirement for compliance standards such as FedRAMP, FISMA, HIPAA and PCI DSS.

With cybercrime on track to cost businesses over $2 trillion by 2019 (Juniper Research), the ability to identify and remediate security vulnerabilities is more important than ever. According to the 2016 Verizon Data Breach Investigations Report, most cyber attacks exploit known vulnerabilities where a patch has often been available for months, if not years.

In this webinar, Coalfire’s Nick Morris and Ben Scudera will define the requisite security controls for implementing an effective vulnerability management program that will enable you to properly assess the state of your IT infrastructure and integrate a formal vulnerability management process into your business practices.

Topics include:

  • Automated discovery/identification of system assets
  • Authenticated vulnerability scanning of hosts, web applications, databases, and static code
  • The difference between credentialed and non-credentialed scanning
  • Vulnerability analysis and remediation
  • Continuous monitoring

Vulnerability management should be a continual process, not a point-in-time event. This discussion will also cover the key steps of a holistic vulnerability management process beginning with the design phase of the Systems Development Lifecycle (SDLC) and continuing through deployment and post-deployment phases.