Difference between revisions of "Vulnerability Management"

From Socology.org - The Study of Security Operations
Jump to: navigation, search
(Citations)
Line 33: Line 33:
 
== Citations ==
 
== Citations ==
 
ISO/IEC. 2015. Information technology -- Security techniques – Code of practice for information security management. ISO/IEC 27002
 
ISO/IEC. 2015. Information technology -- Security techniques – Code of practice for information security management. ISO/IEC 27002
 +
Tom Palmaers. 2013. Implementing a vulnerability management process. Retrieved from [https://www.sans.org/reading-room/whitepapers/threats/implementing-vulnerability-management-process-34180 https://www.sans.org/reading-room/whitepapers/threats/implementing-vulnerability-management-process-34180]

Revision as of 07:04, 1 November 2018

This section is under development

Objective

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

Process

Tooling

Ticketing

Reporting

Staffing

Budgeting

Communications

Documentation

Lessons Learned | Pain Points

Citations

ISO/IEC. 2015. Information technology -- Security techniques – Code of practice for information security management. ISO/IEC 27002 Tom Palmaers. 2013. Implementing a vulnerability management process. Retrieved from https://www.sans.org/reading-room/whitepapers/threats/implementing-vulnerability-management-process-34180

Retrieved from "https://socology.org/wiki/index.php?title=Vulnerability_Management&oldid=325"