Often Vulnerability Management program managers are missing the mark by focusing on the wrong information, communicating poorly and not understanding the business criticality as it relates to the technical risk found in scanning. This creates a “bad data” scenario where all the data collected is seen to have little or no value – which increases risk and frustration.
This presentation is about lessons learned by studying what goes wrong in the real world with Vulnerability Management programs. More importantly, it discusses how you can build a program that focuses on threat management, security intelligence, risk awareness and patch auditing.