This is an easy-to-follow webinar from David Hazar that covers the top five failures and best practices in vulnerability management.
Top Five Failures in Vulnerability Management:
- We don't understand our asset management.
- We focus too much on prioritization.
- We only present facts and data.
- We accept too much risk on behalf of the organization.
- We are not consistent.
Notes:
- Use API access to create an inventory, and reconcile it with ITAM (supplement/validate).
- Balance prioritization with root cause analysis.
- Focus on the solutions with different solution groups and solution types.
- Only Drivers and Guardians are interested in facts and data; Pioneers and Integrators are not.
- Storytelling - build the story for leadership.
- Use owner-based, role-based, and team-based reporting.
- Track invisible risks: exclusions.
- Apply standardization, integration and automation.
- Use an aging report for those who do nothing.
Best Practices:
- Automate the reconciliation of inventory and process for obtaining contextual data.
- Don't just prioritize. Focus on the bigger picture.
- Learn to communicate more than just facts and data.
- Track risk and technical debt, and communicate it in the right way to the right people.
- Standardize, integrate, and automate your way to increased consistency.
- Automate everything (that can be automated).
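
The inventory reconciliation, exclusion tracking, and owner-based aging report from the notes above can be combined in one small script. This is an added example, not material from the webinar; all field names, hosts, and sample records are constructed, and the 30/90-day buckets are an assumption.

```python
from datetime import date

# Constructed sample data; field names are hypothetical, not a real product's API.
API_INVENTORY = [  # assets discovered through API access (cloud, EDR, scanner)
    {"host": "web-01", "source": "cloud-api"},
    {"host": "db-01", "source": "cloud-api"},
    {"host": "build-07", "source": "edr-api"},
]
ITAM = {  # ITAM records that supply ownership context
    "web-01": {"owner": "team-web"},
    "db-01": {"owner": "team-data"},
    "legacy-02": {"owner": "team-data"},
}
SCAN_EXCLUSIONS = {"db-01"}  # hosts excluded from scanning: risk no report shows
FINDINGS = [  # open findings with the date each was first seen
    {"host": "web-01", "id": "F-1", "first_seen": date(2024, 1, 10)},
    {"host": "web-01", "id": "F-2", "first_seen": date(2024, 5, 20)},
    {"host": "build-07", "id": "F-3", "first_seen": date(2024, 3, 1)},
]

def reconcile(api_inventory, itam, exclusions):
    """Compare API-discovered assets with ITAM and surface excluded hosts."""
    discovered = {a["host"] for a in api_inventory}
    known = set(itam)
    return {
        "missing_from_itam": sorted(discovered - known),   # running, but no owner
        "stale_in_itam": sorted(known - discovered),       # recorded, not observed
        "excluded_unscanned": sorted(discovered & exclusions),
    }

def aging_by_owner(findings, itam, today, buckets=(30, 90)):
    """Group open findings per owner into age buckets (days since first seen)."""
    report = {}
    for f in findings:
        owner = itam.get(f["host"], {}).get("owner", "UNOWNED")
        age = (today - f["first_seen"]).days
        label = next((f"<={b}d" for b in buckets if age <= b), f">{buckets[-1]}d")
        report.setdefault(owner, {}).setdefault(label, []).append(f["id"])
    return report

if __name__ == "__main__":
    print(reconcile(API_INVENTORY, ITAM, SCAN_EXCLUSIONS))
    print(aging_by_owner(FINDINGS, ITAM, date(2024, 6, 1)))
```

Findings on hosts that ITAM does not know land under `UNOWNED`, which ties the inventory gap directly to the report nobody would otherwise receive.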