Manage Learn to apply best practices and optimize your operations.

Episode VII - Vulnerability assessment & remediation management integration

Check out Episode VII - Vulnerability assessment & remediation management integration.

"Ahhh, lunch hour on the banks of Impervious. What a sensational day!" thought Dame Domaine, as she took in the light breeze and rolling clouds animating her view of the land's tree lines and restful pastures. Unfortunately, lunch hour lasts only a half hour for knights. And so, it was back to the Kingdom's defense lines and not-so-restful posture.

Meanwhile, Sir Pokehole, having skipped lunch as usual, was starting to feel the stress. His relentless discovery tasks could not be continued on only a bagel and two hours' sleep a day. Likewise, Dame Domaine was feeling perturbed by the patching proliferation posed by Pokey's pen tests.

"D-Day," as she became informally known, heard mumbling.

"What say you, old Poke?" D-Day asked as she entered the Castle NOC.

"My shoes are chocolate bunnies! My shoes are chocolate bunnies!" an incoherent Sir Pokeahole wailed.

It was clear to Dame Domaine that it was time to investigate a better way. So after one last look at Pokey's feet, she called in a consultant...and ordered him a pizza.

"You need patch management! And I'm here to help you," cried the masked consultant as he arrived pushing past the pizza delivery guy.

"But we do patch management. We use tools!" said D-Day.

"Allow me to explain, my lady. I speak of management for patch management. Yes, your tools are only as good as the fiber of your Kingdom, your systems and your protocol allow. And what's more, you will find it manages more than patches! Ultimately, in real-time, all vulnerabilities can be monitored, managed and eradicated. The inspector's scans we'll render incapacitated! The bugs and pests emaciated! Accurate reporting shall be substantiated!

"I call it 'Vulnerability Assessment & Remediation Management INTegration' or VARMINT for short. A varmint will never quit, ever. VARMINT will solve the 'hole plugging problem' and more. But I must be going. I need to prepare the case, examine the environment, know the inventory, devise a policy, procedures and guidelines, define requirements, ROI...Oh my! I apologize, my lords and lady, for I have tee time in ten minutes with his honor, Judge Smails. I'll be back. Toodaloo and Billy Baroo!" Then the consultant rode off on his high horse.

"You know, D-Day, I think he's on to something."

"What are you talking about, Pokey? That guy's got holes in his head!"

"No, no, think about it," Pokey interrupted. "Real-time knowledge of our inventory -- the configurations, patch status, password's security nirvana! Who was that masked man?"

About the author
Bill Kirkendale, CISSP, has been an IT professional for 14 years and is a former United States Marine. He is a senior consultant at BearingPoint.

Last episode: No peasant (or princess) left behind
Next episode: The masked man returns to accomplish his mission and submit to a deposition (turns out the pizza guy was a third-year law student).

This was last published in May 2004

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.