Vulnerability Management Program

Securing information technology systems against cyberthreats has become a critical program management function. To ensure that all organizations take consistent protective measures, standards have been developed that regulate compliance with best practice in this area; the structured activities an organization carries out to meet them are referred to as a vulnerability management program.

One such regulation that mandates the use of a vulnerability management program is the Payment Card Industry Data Security Standard (PCI DSS), which defines compliance guidelines for businesses that process credit card payment transactions. The goal of a vulnerability management program is to address security weaknesses that could lead to system exploitation and unauthorized access to sensitive information (Shanks, 2015).

Vulnerability management requires the following activities:

  • tracking of system assets/resources
  • placing assets into categories
  • scanning the assets to detect vulnerabilities
  • ranking and prioritizing the risks
  • managing the software patches that remediate the vulnerabilities
  • following up to confirm that each vulnerability has actually been remediated
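
The following example, added here and not part of the original essay or the cited whitepaper, models these activities end to end: an asset inventory with categories, constructed scan findings, a risk ranking that weights scanner severity by asset criticality, and a rescan check that only closes a finding when it is no longer reported. The category weights, host names and VULN-* identifiers are constructed placeholders.

```python
"""Minimal vulnerability-management lifecycle: inventory, categorize, scan, prioritize, patch, verify."""
from dataclasses import dataclass

# Asset criticality by category (constructed weights; a PCI cardholder-data host outranks a lab box).
CATEGORY_WEIGHT = {"cde": 3.0, "internal": 2.0, "lab": 1.0}

@dataclass
class Asset:
    name: str
    category: str

@dataclass
class Finding:
    asset: str
    vuln_id: str              # scanner's identifier (constructed placeholder values below)
    cvss: float               # 0.0-10.0 base score as reported by the scanner
    remediated: bool = False  # set only when a follow-up rescan no longer reports it

def risk_score(finding: Finding, assets: dict) -> float:
    """Rank a finding by scanner severity weighted by the criticality of the asset it sits on."""
    return round(finding.cvss * CATEGORY_WEIGHT[assets[finding.asset].category], 1)

def prioritize(findings, assets):
    """Open findings, highest risk first: this ordering is the patch work queue."""
    open_findings = [f for f in findings if not f.remediated]
    return sorted(open_findings, key=lambda f: risk_score(f, assets), reverse=True)

def verify_remediation(findings, rescan_results):
    """Close a finding only when the rescan no longer reports the (asset, vuln_id) pair."""
    still_reported = set(rescan_results)
    for f in findings:
        f.remediated = (f.asset, f.vuln_id) not in still_reported
    return [f for f in findings if not f.remediated]

# Constructed sample inventory: two hosts in the cardholder data environment and one lab box.
ASSETS = {a.name: a for a in [Asset("pay-db-01", "cde"), Asset("pay-web-01", "cde"), Asset("lab-01", "lab")]}
FINDINGS = [
    Finding("lab-01", "VULN-A", 9.8),      # critical score, but on a low-value asset
    Finding("pay-web-01", "VULN-B", 7.5),  # high score on a PCI in-scope host
    Finding("pay-db-01", "VULN-C", 5.3),   # medium score on the most sensitive host
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS, ASSETS):
        print(f"{risk_score(f, ASSETS):5}  {f.asset:12} {f.vuln_id}")
    # Simulated rescan after patching pay-web-01: VULN-B is gone, the other two remain.
    remaining = verify_remediation(FINDINGS, [("lab-01", "VULN-A"), ("pay-db-01", "VULN-C")])
    print("still open:", [f.vuln_id for f in remaining])
```

Note that the raw CVSS 9.8 on the lab host falls below a medium-severity finding on the in-scope database once asset category is taken into account, which is the point of categorizing assets before ranking risks.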

These steps allow an organization to detect, eliminate, and control the inherent risk of vulnerabilities. Using specialized scanning software and an effective workflow as part of the vulnerability management program helps to remove the risks that are detected.

References

Shanks, W. (2015). Building a vulnerability management program - a project management approach. https://www.sans.org/reading-room/whitepapers/projectmanagement/building-vulnerability-management-program-project-management-approach-35932