Vulnerability management is an important part of an information security plan because exploitation of these vulnerabilities is
Question:
Vulnerability management is an important part of an information security plan because exploitation of these vulnerabilities is what leads to security breaches. It is expected that a company should have multiple layered security features to give it the best possible security posture. However, a vulnerability is oftentimes a security flaw that exists in the system despite the best efforts of the company. Managing vulnerabilities also leads to documenting the current security structure and therefore allows for easier identification of potential vulnerabilities. Reducing the window of opportunity for a threat actor is the most effective way to prevent as much damage as possible to the information systems of their target. With less time between the discovery of the vulnerability and the subsequent security patches, hackers will have less time to complete their desired tasks and breach the system.
For one, human beings are not nearly as quick or efficient as computers. So any tasks which can be safely and accurately completed by a machine should be handled by a machine in order to reduce errors. This is where the use of vulnerability scanners is made apparent. Software vulnerability scanners can analyze a network for vulnerabilities on a consistent basis and then notify an administrator who can choose the response. Patch management involves keeping company software up-to-date with the most recent patches. Having the most recent software patches ensures the safest possible use of any given software. This is because patches fix recently discovered vulnerabilities, and if software is missing a patch, then it still has a known vulnerability which malicious actors could exploit.
- Do you agree or disagree with your peers’ perspectives on the importance of vulnerability management and patch management? Expand upon your ideas and support your stance with internal or external resources.
- Discuss an additional way of reducing the window of opportunity for a threat actor that your peer did not mention.
- Discuss an additional threat that a vulnerability scanner cannot address that your peer did not mention.