What is vulnerability management?

Vulnerability management is a recurring process (typically monthly or quarterly) that identifies, reports, prioritizes, and addresses how to remediate known vulnerabilities. The scope of vulnerability management is usually limited to software and hardware. It can, however, be expanded to include physical and administrative facets of your business.

How does it help my business?

Every business has vulnerabilities, both technology and non-technology based (think of a front door that doesn’t lock). Almost every single piece of software or hardware has at least one vulnerability. Unfortunately, it is not uncommon for each computer in a business to have hundreds, if not thousands, of vulnerabilities.

A vulnerability management program will help collect all of the data generated during a vulnerability scan, analyze and prioritize it, then provide a method for identifying which vulnerabilities require immediate attention and which can be put on a roadmap for remediation at a later time.

This approach allows for the best use of limited resources (money, personnel, and time) while incrementally lowering the total risk score of the business. While it is not required, a vulnerability management program is typically implemented after an initial security risk assessment has been completed.