Vulnerability assessment is a process that defines, identifies, and classifies the security holes in a computer, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
Vulnerability management program addresses the inherent problem associated with vulnerable software programs. These vulnerability if not checked and fixed may be exploited anytime thus giving unauthorised access to your organizations systems and networks, theft of your organizations confidential data, Regulatory/compliance violations and so on.
Key Program Metrics
Mean time to resolve any reported vulnerability :
The time interval taken to remediate any vulnerabilities as reported by the VA tool
Remediation time for critical vulnerabilities :
This is the remediation time for vulnerability whose active exploits exist in the market and can have severe impact on the organization if exploited
# systems & applications not scanned for vulnerabilities :
This metrics will tell you the number of systems and applications which could become the entry point for hackers and they are never scanned for any vulnerabilities inside them. This is important because scanning only critical systems is not always safe, you have to scan systems & apps which are less critical and could be exploited.
# of vulnerabilities for which no patch is available :
This allows you to identify systems and applications for which you have to take extra care of or isolate since no patch is available to fix their vulnerabilities
# exceptions granted (Vulnerabilities) :
This metrics allows you to track the vulnerabilities which you may consider to be not critical and defer its remediation for the time being. You may set rules in your scanner to overlook such vulnerabilities but you have to track them for auditing and/or future actions
Do let me know if you want us to add or modify above information.
Check out the Vulnerability Assessment (VA) market within Product comparison platform to get more information on these markets
Comments