SECurity FUNdamentals

Building an Effective Vulnerability & Remediation Management Program


Expo Theatre (Hall G) October 20, 2015

Dave Millier

Vulnerability scanning is like flossing: some do it regularly, some only when they have an issue or are having their annual checkup, and some not at all. The challenge is that, like bacteria, the bad guys don’t sit back and wait for you to get around to it, and, like teeth, your IT systems are never static. Organizations need to move away from the annual “snapshot” vulnerability assessments and instead get into a regular routine of scanning their key systems for vulnerabilities and then fixing them. The challenge is how to build a program that supports this on an ongoing, repeatable, dependable basis. Dave will walk you through building out a complete vulnerability and remediation management program. He’ll start by helping you understand how to determine what assets to scan and when, and how to classify your assets. Building schedules for regular vulnerability scanning will help determine how often results are being collected. Once the scanning is complete, the real work begins. Dave will explain different approaches to vulnerability remediation and tracking, and then how to feed those results back into the next set of scans, enabling a complete vulnerability lifecycle management program.