Vulnerability quiz: Question No. 10

Why should your security and technology teams have a pre-defined process for responding to new vulnerabilities?
A. If the process is not defined, standard reactions cannot be guaranteed.

A process should be defined that describes the steps a team should go through when a new vulnerability is identified, whether from a vulnerability listing or through a scanning process. The following outlines an example of these steps:

Such a process ensures that the team understands the relevance and possible ramifications of the vulnerability, that the fixes are properly tested and implemented, that the changes are properly documented, and that the resulting protection level still meets the requirements of the company's security policy and set baselines.

