The purpose of the vulnerability assessment program of an organization is to set up controls
1) The purpose of the vulnerability assessment program of an organization is to set up controls and processes to help the organization identify its vulnerabilities within the company’s technology infrastructure and components of the information system. Once vulnerabilities are identified, steps to be taken to mitigate vulnerability by identifying controls and processes that will provide adequate protection to the organization against the vulnerabilities and threats identified by the vulnerability assessment program.
Five tips can be used to effectively implement controls that can help organizations create a consistently configured environment that is safe from known vulnerabilities. The first step is Implementing a threat monitoring process that will enable security teams to collect information on the newest or emerging threats that may affect the organization. The second step is Conducting regular vulnerability assessments since assessment is an active process because the assessment is just a time snapshot of your situation and can change as new vulnerabilities are discovered Therefore, you must ensure that you set up a formal program with defined roles and responsibilities that focus on developing and maintaining good processes and procedures for vulnerability.
Standardizing the configuration of similar technological assets within your organization based on documented configurations in accordance with applicable policies. Ensure that all basic configurations are documented in your environment and that these documents are kept up-to-date and integrated as part of your system building process and enforced throughout your organization there is the third step in successful vulnerability management. The fourth and most important step is Remediating vulnerabilities. In which vulnerabilities are evaluated for their risk level and planning responses to the vulnerabilities along with back tracking towards vulnerability mitigation.
The last and most important step is Patching vulnerabilities. Point sot be noted while implementing the vulnerabilities Patching are: First, processes need to be in place to identify and confirm vulnerabilities using suitable tools and services to help identify alleged or verified threat to the organization. Next analyze the findings to fully understand the risks involved after performing analysis and fix the problems. Finally, once the “fix” is in place, rescan or retest should be performed to ensure the fix took and then to ensure that it was effective.
2) Vulnerability assessment
Securing physical elements under technological and administrative paradigm has become one of the tough tasks these days. Physical devices such as IT network, hard disks, servers, demilitarized zones (DMZs), computers, laptops, and all other internal gadgets has become the potential loopholes subjected the company to a data breach, fraud, and theft and eventually suffer huge data, customer, financial and even loss of business. If the company has not followed the standard security compliances may steer to access private and confidential data whereby making themselves to authorize to access the classified resources. (Hutter, 2016).
Vulnerability Assessment and Remediation
Vulnerability assessment is the periodic scan of all resources to the organizational information system and goes through the phase of identification of vulnerabilities or weakness, set necessary severity level and propose effective remediation strategy to the specific threats. Vulnerability assessment may undergo several assessment procedures to identify the vulnerability within the organization. Identification may subject several automated or manual testing tools to scan resources to make sure the object is free of risk (Imperva, n.d.). During the identification phase, the assessment team may add certain host and network-based intrusion detection system such that it triggers the possible breach into the system and notify the concerned personnel to take necessary action. A centralized logging system segregated from common users and staff members may help to track the footprint to find any anomaly inside every resource. In several cases, the hacker might remove the logs as they breach the system but the centralized logging would prevent the hacker to wipe out the footprints which help to track the attacker. Similarly, it undergoes with the phase of Vulnerability analysis which substantiates the root cause of the weakness found. Risk assessment prioritizes the severity level of the problem spotted. It graphs the overall risk and potential impacts on each and every module. Finally, the vulnerability assessment team recommends the possible remediation path to resolve the issue. The Remediation phase may impose certain change or upgrade in security policies which helps to avoid similar incidents or scenarios in future occurrences (Imperva, n.d.).
Respond to these two please.
