Vulnerability assessment has been a security requirement for every major regulatory agency over the last 15 years. Yet, time and again, post-incident reports reveal that costly breaches, causing millions of dollars in damage, are the result of known vulnerabilities that went unpatched because they were never connected to business criticality.
In this whitepaper, written by SANS security expert John Pescatore, you’ll learn how to avoid this “lack of context” trap by adopting a risk-based approach to vulnerability management. Reading this paper will help you answer several key security questions, including:
- How do I measure the business risk underlying any given vulnerability?
- What concrete steps can I take to migrate to a risk-based VM program?
- Which questions and selection criteria should I consider when evaluating technology products and vendors?