• comprendere il processo di “vulnerability management”;
• saper differenziare le diverse tipologie di vulnerability management (high e low);
• passare da un approccio technology-based ad un approccio risk-based;
• conoscere le best practice del vulnerability management;
• formulare le raccomandazioni e suggerimenti in modo più efficace nei confronti dei chief information officer, chief information security officer, chief executive officere chief financial officer.

Indice del documento

• 1 Summary for the Chief Audit Executive
• 2 Introduction
• 2.1 Identifying Poor Vulnerability Management
• 2.2 Improving Vulnerability Management
• 2.3 The Internal Auditor’s Role
• 2.4 How Vulnerability Management Drives Changes to the IT Infrastructure
• 3 Vulnerability Management Lifecycle
• 3.1 Identification and Validation
• Scoping Systems
• Detecting Vulnerabilities
• Validating Findings
• 3.2 Risk Assessment and Prioritization
• Assessing Risks
• Prioritizing Vulnerabilities
• 3.3 Remediation
• Mitigating Critical Vulnerabilities
• Creating a Vulnerability Mitigation Process
• 3.4 Continually Improve
• Stopping the Spread
• Setting Expectations With OLAs
• Achieving Efficiency Through Automation
• Using Past Experience to Guide Future Actions
• 4 Organization Maturity
• 4.1 Low Performers
• 4.2 High Performers
• 5 Appendix
• 5.1 Metrics
• 5.2 Top 10 Questions CAEs Should Ask About Vulnerability Management
• 5.3 A Word on Vulnerability and Risk Management
• 5.4 Vulnerability Resources for the Internal Aud
• 5.5 Glossary
• 6 References
• 7 About the Authors
• Reviewers

IsacaRoma Newsletter link

Chi è Agatino Grillo?