
Implementing a vulnerability management process
An Executive Summary
This report describes how a vulnerability management process can be designed and implemented within an organization. The report focuses on its automation and on the mechanics of vulnerability. The objective is to draw attention to a problem that is mostly ignored, and to design a simplified form of the VM process that can be easily implemented in any organization. This program applies to all those who use information technology.


Table of Contents
Executive Summary
Introduction
1.1 Why is there a need of this management?
1.2 Vulnerability Scanner
1.3 Risks
Objective
Discussion
2. Vulnerability Management
2.1 Process
2.2 Roles and responsibilities
2.3 Vulnerability Management Process
2.3.1 Preparation
2.3.2 Initial Vulnerability Scanner
2.3.3 Remedial
2.3.4 Implementation
2.3.5 Rescan
Conclusion
References
Appendix

An Introduction
A vulnerability is known as ‘A weakness of an asset or group of assets that can be exploited by one or more threats’ (International Organization for Standardization, 2005). Vulnerability management is a process in which the risk of a vulnerability is identified and evaluated, which leads to designing an improvement in the program and minimizing the risk factor. Vulnerability management is much the same as vulnerability scanning, as the two are related to each other. However, scanning is used to find any risk in the network.

Why is there a need of this management?
There is a need for this program because cybercrime is increasing day by day. The program minimizes these factors and controls leakage of information.

Vulnerability Scanning
Scanners are very important for performing this management. The company should make sure it understands how the vulnerability scan will perform, along with its equipment. The scanners are controlled through a GUI, which allows the user to launch a vulnerability scan against any system. It is highly recommended to properly configure and tune scans to lessen the risk factor.

Risk
There are risks involved in vulnerability scanning. Scans sometimes disturb network equipment. If this happens, it is recommended to inform the stakeholders.

Objective
Its main objective is to find out the possible solution and to implement the program.
Discussion
Vulnerability Management Process
2.1. Process.

When this program is launched, regular scanning reduces the threat of cybercrime and hijacking of data. Regular scanning will ensure that vulnerabilities are detected in time for remedies to be found.

2.2. Roles and Responsibilities.

Roles and responsibilities are given to the following people.
Security Officer: designs this program and ensures it is implemented according to its design.
Engineer: configures and schedules the scanners.
Asset owner: is responsible for IT assets and decides whether the vulnerabilities are to be mitigated or the risk accepted.
IT System Engineer: makes sure the remedial action is implemented.

2.3. Vulnerability Management
2.3.1. Preparation: The Security Officer starts by preparing which systems are to be included or excluded. They both are executed only when they both are authentic.

2.3.2. Initial Vulnerability Scan: After the preparation phase, the initial vulnerability scans are performed. If any issue occurs, such as poor response of an application, it should be recorded immediately and its impact eliminated.

2.3.3. Remedial: In this phase the asset owner, together with the security and IT officers, designs a remedial action plan by analyzing the risk, and they then provide their input to minimize the risk.

2.3.4. Implementation: The remedial plan is implemented. If any problem occurs, it is noted and immediate action should be taken to rectify it.

2.3.5. Rescan: This phase confirms that the remedial action plan has been implemented. This step is very important to minimize the risk of incorrect results due to configuration errors. It is normally scheduled after the deadline for implementing the remedial plan.
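
A sketch of the rescan check described in 2.3.5, as an added example that is not part of the original report: it compares the initial scan with the rescan against the scope from 2.3.1 and the remedial plan from 2.3.3. The asset names, finding ids, dates and status labels are constructed for illustration.

```python
from datetime import date

# Constructed sample data: a finding is an (asset, vulnerability id) pair.
IN_SCOPE = {"web01", "db01"}                        # 2.3.1 systems included
INITIAL = {("web01", "VULN-A"), ("web01", "VULN-B"),
           ("db01", "VULN-C"), ("lab99", "VULN-D")}  # 2.3.2 initial scan
# 2.3.3 remedial plan: the asset owner's decision and deadline per finding
PLAN = {
    ("web01", "VULN-A"): ("mitigate", date(2024, 3, 1)),
    ("web01", "VULN-B"): ("accept", None),
    ("db01", "VULN-C"): ("mitigate", date(2024, 3, 1)),
}
RESCAN = {("web01", "VULN-B"), ("db01", "VULN-C"),
          ("db01", "VULN-E")}                        # 2.3.5 rescan


def review_rescan(in_scope, initial, plan, rescan, today):
    """Return a status for every finding seen in either scan."""
    result = {}
    for finding in sorted(initial | rescan):
        asset, _ = finding
        if asset not in in_scope:
            status = "out_of_scope"      # excluded during preparation
        elif finding not in initial:
            status = "new"               # appeared only in the rescan
        elif finding not in plan:
            status = "unplanned"         # no owner decision recorded
        else:
            decision, deadline = plan[finding]
            if decision == "accept":
                status = "risk_accepted"
            elif finding not in rescan:
                status = "remediated"    # rescan confirms the fix
            elif deadline is not None and today > deadline:
                status = "overdue"       # still present after the deadline
            else:
                status = "pending"
        result[finding] = status
    return result


if __name__ == "__main__":
    report = review_rescan(IN_SCOPE, INITIAL, PLAN, RESCAN, date(2024, 3, 15))
    for finding, status in report.items():
        print(finding, status)
```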

Conclusion
In the absence of these programs, the management of an organization is very blind. They cannot evaluate the risk if it occurs. They can manage the risk when this program is implemented, which allows the management to take well-informed decisions with the help of the evaluation and the action plan to reduce the risk. It can be challenging and can create confusion at first, so the focus should be on its aspects to ensure success. It is very important to take all stakeholders on board. Configuration and fine-tuning of the vulnerability scanner should be ensured and checked.
Lastly, the scope of the program should be limited, to prevent an initial scan that results in thousands of vulnerabilities.
Appendices
Vulnerability management software
Let’s discuss vulnerability tools.

Kenna Security
It is designed to estimate the most dangerous vulnerabilities, which could harm a well-protected network. This platform is offered as a service under a SaaS model. The user has to pay a subscription fee to use and log into the secure program. This program improves the security of the whole platform. It tracks billions of threats on a daily basis and the number is going up day by day.

Crossbow
This platform was created to provide the best offensive system. It is the most dangerous defensive program. It creates real attacks and uses real techniques that have hacked all cybersecurity defenses in organisations. This makes it a very effective and efficient tool, which can test and manage vulnerabilities.

Risk Fabric
There are many programs that can lead to threats directly in the software. This is why the Risk Fabric platform was designed for vulnerability management, to rectify all such threats.

Continuous Security Validation Platform
It is a platform from NSS Labs, which is dedicated to finding and resolving all the threats that are detected. Customers who use the program can use both the public and private programs, because both are user friendly.
