Information Security magazine
February 2002

Four steps to sound security vulnerability management

The numbers tell you what you already know -- you're neck deep in a rising flood of new security vulnerabilities. Carnegie Mellon's Computer Emergency Response Team (CERT) reported 2,437 computer vulnerabilities in 2001, more than double the previous year's total. That's an average of about 10 every working day -- a lot to read about, much less deal with. "Dealing with security vulnerabilities presents real problems," says Claxton Francis, director of information systems for the New York-based nonprofit Natural Resources Defense Council (NRDC). "I have to spend time each day reviewing the latest issues and evaluating the level of exposure to decide whether to deal with the problem immediately or wait for the next scheduled maintenance window." It's not impossible to sift through this flood of information, find what's relevant to your organization and take swift action to prevent intrusions -- if you have a plan. The template is simple, but the devil is in the details of your environment. Broadly speaking, there are four steps to...


Columns in this issue

  • Security startups: Recipe for success

    by Robert Logan

    Stir one part technologist with one part experienced CEO and some VC money and you have the recipe for successful security startups.

  • Secure reads: The CISSP Prep Guide, CISSP Exam Cram

    by SearchSecurity staff

    Although efficient study guides for cramming before the CISSP test, The CISSP Prep Guide and the CISSP Exam Cram won't advance the infosec profession and are likely plagiarized.