Information Security Leader, Author, Instructor and Speaker

What Security Vulnerabilities Should Be Fixed First?

Posted on January 12, 2014 in Articles

Enterprises that begin a vulnerability management program often find themselves quickly faced with an intimidating avalanche of data. Scan results may show hundreds or even thousands of vulnerabilities distributed across a wide variety of systems and applications. How should security professionals tackle this mountain of risk? In this chapter, we examine a three-prong prioritization program that incorporates external criticality assessments, data sensitivity and the existing control environment to help organizations prioritize remediation efforts.

This three-step process assumes that you have access to information about the vulnerabilities that exist in your environment, the sensitivity of information processed by systems and applications and the state of your existing control environment. These may come from a variety of sources within your vulnerability management program, including web and network vulnerability scanners, data loss prevention systems and configuration management software.
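As an added illustration (not code from the article or its author), the sketch below shows one possible way to combine the three inputs into a remediation order. The hosts, findings, rating scales and the multiplicative formula are all constructed assumptions; hosts missing from the sensitivity or control inventory are scored as worst case and flagged.

```python
# Constructed sample data: every host, finding and scale here is an assumption.
# Scanner output: (host, finding, external criticality 0-10, e.g. a CVSS base score)
FINDINGS = [
    ("web01", "SQL injection in search form", 9.0),
    ("db01", "Outdated TLS configuration", 5.0),
    ("hr-app", "Missing OS patch", 7.5),
    ("kiosk7", "Missing OS patch", 7.5),
    ("lab-x", "Default admin password", 9.8),
]
# Data sensitivity per host: 1 = public, 2 = internal, 3 = highly sensitive
SENSITIVITY = {"web01": 2, "db01": 3, "hr-app": 3, "kiosk7": 1}
# Existing control environment per host: 0 = none, 1 = partial, 2 = strong
CONTROLS = {"web01": 1, "db01": 2, "hr-app": 0, "kiosk7": 2}
# Assumed discount applied to the score for each control level
CONTROL_FACTOR = {0: 1.0, 1: 0.75, 2: 0.5}


def priority(host, criticality):
    """Score = criticality x sensitivity x control factor (assumed formula)."""
    sens = SENSITIVITY.get(host, 3)   # unknown sensitivity: assume highest
    ctrl = CONTROLS.get(host, 0)      # unknown controls: assume none
    return round(criticality * sens * CONTROL_FACTOR[ctrl], 2)


def inventory_gaps(host):
    """Name the inputs that had to be assumed for this host."""
    gaps = []
    if host not in SENSITIVITY:
        gaps.append("sensitivity")
    if host not in CONTROLS:
        gaps.append("controls")
    return gaps


def rank(findings):
    """Return (score, host, finding, gaps) rows, highest priority first."""
    rows = [(priority(h, c), h, f, inventory_gaps(h)) for h, f, c in findings]
    return sorted(rows, key=lambda r: (-r[0], r[1]))


if __name__ == "__main__":
    for score, host, finding, gaps in rank(FINDINGS):
        note = f"  [assumed: {', '.join(gaps)}]" if gaps else ""
        print(f"{score:6.2f}  {host:8} {finding}{note}")
```

The same "Missing OS patch" finding lands near the top on hr-app and at the bottom on kiosk7, because the two hosts differ in data sensitivity and existing controls.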


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.
