Security Management Strategies for the CIOAccess "Vulnerability Mismanagement"
This article is part of the January 2005 issue of How security pros can benefit from information sharing
POLICY & PROCESS You're just plugging holes if you don't have the right processes and policies. Scan, patch and scan again: It's a common process for finding and plugging security vulnerabilities. But, if this is your idea of vulnerability management, it's costing your company time and money without improving your security. Clearly, you need to implement a well-defined, repeatable process that gets the most out of your staff and protects critical business assets and applications. An efficient vulnerability management process can't be implemented without a solid foundation of essential resources, mechanisms, expectations and security policies. How do you determine where to focus your limited resources? Are your most critical assets also the most vulnerable? If you don't know the answers, you're not efficiently managing vulnerabilities--you're simply trying to plug holes as they appear. Without this foundation, you're doomed to work in reactive mode, with no way to validate budgets or measure performance, effectiveness or exposure to threats and risk. The ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Vulnerability Mismanagement
You're just plugging holes if you don't have the right processes and policies.
-
The Sky's the Limit
What security technology do you need that you can't get today? Here's your wish list.
-
Content Filtering: Websense Enterprise 5.5
Websense's Enterprise 5.5
-
Authentication: RSA SecurID 6.0 for Windows
RSA Security's SecurID 6.0 for Windows
-
Peer-to-Peer
Seattle CISOs Ernie Hayden and Kirk Bailey are pioneering a new level of trust and cooperation to secure their enterprises.
-
Hot Pick: F5 Networks' FirePass 4100 Series
F5 Networks' FirePass 4100 Series
-
Vulnerability Mismanagement
-
-
Antispyware: Webroot Software's Spy Sweeper Enterprise
Webroot Software's Spy Sweeper Enterprise
-
Secure Reads: Gray Hat Hacking
Gray Hat Hacking: The Ethical Hacker's Handbook
-
Recent Releases: Security product briefs, January 2005
Learn about the information security products released in January 2005.
-
E-Mail Security
Avinti's iSolation Server 1.1
-
The Myths of Security
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.
-
Key to the World
SAML's portable trust makes federated identity work.
-
Antispyware: Webroot Software's Spy Sweeper Enterprise
-
Columns
-
Logoff: Government tosses pennies toward information security
Death by a Thousand Cuts
-
Editor's Desk: Remembering the dearly departed
Built to Sell
-
Layer 8: The security governance myth
Governance Benefit
-
Perspectives: Walk in management's shoes
One security manager describes his experience with a management program that helped him understand how to align security with business objectives.
-
Logoff: Government tosses pennies toward information security
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...