Security Management Strategies for the CIOAccess "Framework for building a vulnerability management lifecycle, program"
This article is part of the September 2011 issue of The top 2011 security products: Information Security Readers' Choice Awards
Vulnerability management is about more than patching. To build a truly robust program an organization needs to incorporate inventory management, configuration management and change management into the patching lifecycle. And for even more effective control and governance, penetration testing and patch and control validation should be added to the mix as well. That’s a lot of moving parts, and depending on your organization, these parts could span multiple business units and geographic locations. Getting it right and keeping it running smoothly can be a challenge. We will present a framework for building a vulnerability management lifecycle. Using examples from practitioners, you will get a from–the-trenches view of what works and what doesn’t when trying to win the ongoing vulnerability management war. VULNERABILITY MANAGEMENT LIFECYCLE: DEFINING VULNERABILITY MANAGEMENT Computing environments are complex systems comprised of hardware, software operating systems and platforms, applications, services, and the people who interact with all of the above to get ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
2011 Information Security magazine Readers' Choice Awards
by Information Security Staff
Readers pick the best security products.
-
Best authentication products 2011
by Information Security Staff
Readers choose the best authentication products.
-
Best intrusion detection/prevention products 2011
by Information Security Staff
Readers choose the best intrusion detection/prevention products.
-
Best network access control products 2011
by Information Security Staff
ISM readers choose the best network access control products of 2011. See who won the gold.
-
Best secure remote access products 2011
by Information Security Staff
Readers choose the best secure remote access products.
-
Best unified threat management products 2011
by Information Security Staff
Readers choose the best unified threat management products.
-
Best Web application firewalls 2011
by Information Security Staff
Our readers selected their favorite Web application firewalls. See which product took the top spot.
-
Framework for building a vulnerability management lifecycle, program
by Diana Kelley
A robust vulnerability management program requires the integration of inventory, change and configuration management.
-
2011 Information Security magazine Readers' Choice Awards
by Information Security Staff
-
-
Best antimalware products 2011
by Information Security Staff
Readers rank the best antimalware products.
-
Best identity and access management products 2011
by Information Security Staff
Readers choose the best identity and access management products.
-
Best messaging security products 2011
by Information Security Staff
ISM readers choose the best messaging security products of 2011. See which one took home the gold.
-
Best policy and risk management products 2011
by Information Security Staff
Readers choose the best policy and risk management products 2011.
-
Best security information and event management products 2011
by Information Security Staff
Readers choose the best security information and event management products.
-
Best vulnerability management products 2011
by Information Security Staff
Readers choose the best vulnerability management products.
-
Best Web security products 2011
by Information Security Staff
Readers choose the best Web security products
-
Microsoft BlueHat prize wins over Black Hat Crowd
by Robert Westervelt
Security pros say Microsoft’s contest to encourage development of new security technologies for its products is promising.
-
Best antimalware products 2011
by Information Security Staff
-
Columns
-
Ranum chat: Enterprise information security architecture
by Marcus J. Ranum, Contributor
Security expert and Information Security magazine columnist Marcus Ranum continues a new bimonthly feature where he goes one-on-one with a fellow security industry insider. This month, Marcus talks to Gunnar Peterson, managing principal at Arctec Group, where he focuses on distributed systems security for large enterprise systems.
-
Organizations need a new data security model to combat today’s threats
by Phil Gardner and Chris Silva
Modern threats require a fundamental shift in information security away from the fortress mentality.
-
Bring back the lulz by changing up your information security model
by Michael S. Mimoso, Editorial Director
Security needs more lulz, but it’s not happening until we change our protection models, understand how our respective businesses work and concentrate on current threats and adversaries.
-
Ranum chat: Enterprise information security architecture
by Marcus J. Ranum, Contributor
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...