Definition of Vulnerability Management
Vulnerability Management is the process of implementing or maintaining a vulnerability assessment program.
Vulnerability Management
Strategies for Improving Vulnerability Assessment Effectiveness in Large Organizations
Implementing or maintaining a vulnerability assessment program in a large organization requires a dedicated team to conduct the assessments and to evaluate the findings. In most businesses, security is not a revenue generator; indeed, it is a cost center. In order to provide value, you must either improve the effectiveness of the program or reduce the drain on resources. There are several steps that can be taken to reduce the impact on your environment, including: effective communication of the program, use of appropriate change and enterprise management, placement of assessment tools, tuning the assessment policy, and automating the assessment. In addition, a new process to manage the assessment data, termed vulnerability management, has materialized. This spawned the creation of several new solutions to address the issue of data management. Combined with the essential elements stated above, these tools will increase the effectiveness of your vulnerability assessment program.
10 Vulnerabilities a Scanner Might Not Find
In a world where services are becoming economically more emphasized than products, those organizations seeking to remain in the products sphere survive due to differentiation alone. However, despite the billions of dollars spent on security products and services, the innovation and inventions behind these organizations remain dangerously exposed to theft, destruction, and modification. This paper presents 10 vulnerabilities a scanner might not identify.
Distributed scan model for Enterprise-Wide Network Vulnerability Assessment
Conducting an Enterprise-wide Vulnerability Assessment (VA) on a regular basis, as required by risk management, is an extremely time-consuming task for security professionals. Enterprise networks are usually widely distributed, located in different places, towns and even countries. The structure of the network is very complex and is separated into different types of zones, sometimes with highly restricted physical access. The average number of hosts in a network is estimated at thousands or tens of thousands. Security administrators cannot accommodate a growing number of requests for network assessment. They are looking for new ideas, new approaches and new tools for Enterprise Vulnerability Assessment.
The Ethics and Legality of Port Scanning
Port scanning is an ideological ambiguity within the computer industry. While usually considered malicious, port scanning is often used by system administrators to diagnose problems on their own network. While most private organizations prohibit the activity, there are currently no state or federal laws that specifically address it. This paper will define and outline the process of port scanning, discuss ethical and legal issues surrounding port scanning, and assert the importance of strictly defining scanning in an organization's policy.
System identification for vulnerability assessment
Identifying systems is an especially difficult task in large corporate, educational or public networks. These networks usually have distributed asset management and technical support functions. As wired network access has become commonplace and wireless network access grows in popularity, it becomes more and more difficult to keep an up-to-date listing of the systems that comprise your network. Keeping tabs on legitimate connections to the network becomes increasingly difficult in large networks with decentralized inventory and asset management and varying levels of support. Manual asset and inventory systems usually have little detail about network connectivity or software. Even in organizations that have formal centralized inventories, both operating system and network connectivity details are either not part of the data available or simply not populated.
Footprinting: What Is It, Who Should Do It, And Why?
Are you footprinting your systems? Or is an attacker doing it for you? Yes, footprinting can be good for you, just like scanning. Footprinting is the first step in a hacker's information gathering. To perform or thwart a successful attack, one needs to gather information. The hacker's intention is to learn about all aspects of the prospective organization's security posture, the profile of their Intranet, remote access capabilities, and intranet/extranet presence.
Footprint Your Intranet
How well do you know your intranet? By that I mean: do you know what machines are connected to your intranet; do you know how they are configured to communicate and what services are available; and would you know if a new workstation or server was connected? Knowing the answers to these questions has been a quest that I have pursued time and again during my cyber security career of over 13 years. When I began, I used to practice computer security by walking around, observing, talking and asking questions, and demonstrating that computer security measures and procedures would not hamper operational concerns or progress. In today's information technology environment, that is no longer a viable method of fulfilling the responsibilities of a cyber security program manager.
Vulnerability Identification and Remediation Through Best Security Practices
This paper provides only a beginning framework from which you can continue to build and refine your security efforts. Many other items must be taken into account and effectively addressed in order to implement a comprehensive security plan. Some of these topics, which are not addressed in this paper, include Unix hosts, modem attacks, social engineering, intrusion detection systems, firewalls, encryption, and the detailed hardening of operating systems and applications. But the basic principle of removing enticements, while both strengthening and monitoring systems through the application of appropriate Best Security Practices, is universal.
Vulnerability Assessment Survey
Organizations have a tremendous opportunity to use information technologies to increase their productivity. Securing information and communications systems will be a necessary factor in taking advantage of all this increased connectivity, speed and information. However, no security measure will guarantee a risk free environment in which to operate. In fact, many organizations will need to provide easier access by users to portions of their information systems, thereby increasing potential exposure.
Case Study: A Risk Audit of a Very Small Business
Many security case studies focus on large businesses, or on small businesses, for limited values of "small." The US Federal Government defines a small business as having fewer than 100 employees and, depending on industry, an annual income of less than a number ranging from $0.75 Million to $28.5 Million. Many businesses, however, are far smaller than that, but could still benefit from security awareness. This is a security audit of one such business, focusing on the discovery and risk analysis process. This paper describes the environment, determines and assesses risks, and addresses the risks that we found. At the start of this process, the biggest known risk was uncertainty, the "We don't know what we don't know" factor. Therefore, this paper will focus on the discovery and risk analysis process, and provide technical details in appendices.