Security Basics mailing list archives
Vulnerability Management
From: kohi10 () rogers com
Date: 29 Jan 2006 17:27:52 -0000
I have just been assigned to a new project, creating a vulnerability management process and procedures for a very large business, and am looking for some guidance. I have done this before, but for much simpler organizations. The infrastructure is huge, there is little in the way of supporting documentation, such as asset lists and network maps, and the business is very "siloed". There is a basic process in place at the moment that was created many years ago, however it was never closely followed, much has changed in the environment, and the process was never updated. It has many weaknesses, such as 1 person that carries a pager 24/7 that must also be in the office during business hours without fail. Every CVE announcement goes to the pager, so the guy is not going to get a lot of sleep. Are there any examples available of what others have done in similar circumstances? What are others doing to manage the deluge of vulnerability announcements from Secunia, Bugtraq, Nist, and the dreaded patch Tuesday? Thanks! Kohi --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Vulnerability Management kohi10 (Jan 31)