Understanding Vulnerability Management

By Harry Raymond

With business today being almost invariably carried out with the support of computer technologies, owners need to be acutely aware of the risks facing their business and ensure that they have appropriate web application security in place. They should also undertake penetration testing as appropriate. In particular, owners of organisations should be aware of IT vulnerabilities and how such vulnerabilities can be countered and managed.

What Are Vulnerabilities?

Vulnerabilities can be defined as bugs in software or hardware or a misconfiguration that can be improperly used by an individual to the detriment of an organisation or business. Quite often in the world of IT, patch management, configuration management and security management are grouped together as one IT problem, being the collective problem of vulnerability management.

The Importance of Vulnerability Management:

For organisations to effectively protect their IT assets and systems, it is useful to engage in a process of penetration testing and ongoing network security monitoring.

Vulnerability management can sometimes seem deceptively simple. However, in increasingly complex business environments and for organisations of all sizes, vulnerability management is quite complex and involved. In any one organisation, unique applications, remote and mobile users and specialised, much relied upon servers are prominent features and all of these have distinct needs that unfortunately cannot be ‘fixed’ or secured and then abandoned. Ongoing attention is required.

Technology presents an ever evolving and changing space. Software companies are known to release code that is not always adequately tested or secured, security is not built into hardware as standard and all too often administrators of systems on the ground are left to manage the problems and issues that arise. Added to this, there are also regulations for compliance that companies must abide by.

All of these factors in combination result in a potentially stressful situation for management and business owners. And, as we all know, high pressure environments can quickly lead to mistakes and errors which are sometimes expensive.

A Window of Vulnerability:

The difficulties pertaining to vulnerability management create a ‘Window of Vulnerability’. This term is used to explain the length of time in which a computer system has inadequate web application security and is exposed and vulnerable to a particular security flaw, problem with configuration or any other factor that limits the overall security of the system.

When thinking about Windows of Vulnerability, there are two types that need to be understood:

• Unknown Window of Vulnerability – this refers to the amount of time between the vulnerability being identified and the system being patched

• Known Window of Vulnerability – this refers to the time between a patch being released by a vendor and the system being patched.

For most organisations, the second of these terms is the most significant. However, businesses also need to plan to mitigate problems and so recognition of the Unknown Window of Vulnerability is also very important.
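To show how the two windows can be tracked per system, the following added example (not part of the original article) measures both for a small set of findings, including systems that are still unpatched on the report date. The record fields, the sample data and the 30-day limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Finding:
    system: str
    vuln: str                     # constructed label, not a real identifier
    identified: date              # date the vulnerability was identified
    vendor_patch: Optional[date]  # date the vendor released a patch (None = not yet)
    patched: Optional[date]       # date this system was patched (None = still exposed)

def windows(f: Finding, as_of: date):
    """Return (unknown_days, known_days, still_open) per the article's definitions.

    A window that has not closed is measured up to the report date `as_of`.
    known_days is None while no vendor patch exists, and 0 if the system was
    secured (for example by a workaround) before the vendor patch came out.
    """
    end = f.patched or as_of
    unknown = (end - f.identified).days
    known = max(0, (end - f.vendor_patch).days) if f.vendor_patch else None
    return unknown, known, f.patched is None

def overdue(findings, as_of: date, max_known_days: int = 30):
    """Unpatched systems whose Known window exceeds the limit (assumed: 30 days)."""
    rows = []
    for f in findings:
        _, known, still_open = windows(f, as_of)
        if still_open and known is not None and known > max_known_days:
            rows.append((f.system, f.vuln, known))
    return sorted(rows, key=lambda r: r[2], reverse=True)  # longest exposure first

# Constructed sample data for the example.
AS_OF = date(2024, 3, 1)
SAMPLE = [
    Finding("web-01", "VULN-A", date(2024, 1, 10), date(2024, 1, 20), date(2024, 2, 4)),
    Finding("db-01", "VULN-A", date(2024, 1, 10), date(2024, 1, 20), None),
    Finding("mail-01", "VULN-B", date(2024, 2, 1), None, None),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f.system, f.vuln, windows(f, AS_OF))
    print("overdue:", overdue(SAMPLE, AS_OF))
```

A finding with no vendor patch yet, such as mail-01 here, has only an Unknown window, which is why the article advises planning mitigation for that case as well.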

Some organisations offer information on known vulnerabilities in advance of vendor patches being made available (this is a paid service). A number of large organisations recognise the benefits of this, but it does come with a note of warning. Such services are generally expensive and it is recommended that companies do their own research into the quality and quantity of vulnerabilities.

Vulnerability management is important as no organisation wants to leave itself open to exploitation. It is also important for organisations to know about, and have strategies to protect themselves from, the multiple levels of risk that vulnerabilities pose. Here, the time taken to identify and deal with a vulnerability (by way of a patch or workaround) is critical. Organisations should also be committed to ongoing network security auditing and thorough penetration testing to best protect their IT interests.


Article Source: http://EzineArticles.com/?expert=Harry_Raymond

http://EzineArticles.com/?Understanding-Vulnerability-Management&id=6153894
