http://securitywatch.eweek.com/flaws/vulnerability_management_payoff_requires_roadmap.html

By Matthew Hines
eWEEK Security Watch
March 15, 2009

Vulnerability management may be the next big thing in terms of IT security strategy, but deriving the maximum value out of your efforts requires hard work and a comprehensive plan, industry insiders recognize.

Speaking at the SOURCE Boston conference this week, scanner maker Tenable Security's Carole Fennelly outlined some of the best practices that organizations should observe as they attempt to identify and remediate security weaknesses that exist throughout their IT systems and applications.

While vulnerability scanners such as Tenable's Nessus can provide organizations with loads of valuable data about potential weak points throughout their IT ecosystems, if companies don't have the right road map in place to respond to and act on the results provided by the assessment tools, they won't realize as many benefits of the vulnerability management process, Fennelly said.

The expert outlined a series of steps that organizations should follow to help optimize their efforts, which start with prioritizing exactly which assets have to be managed most aggressively.

That might sound like obvious advice, but many companies put the carriage in front of the horse in terms of getting involved with vulnerability management without first understanding what they need to address, she said.

"Organizations need to create asset lists that define their critical business systems to help prioritize their efforts; they need to have the support of different internal groups to create these lists that will help them mitigate their most critical problems," said Fennelly, Tenable's director of content.

"For instance, if you can classify your data and know what area of your network certain data is supposed to be on, then you can tune your scanners to monitor your network appropriately. But admittedly, trying to get business people to come up with this type of classification is often the tough part."

[...]

Received on Mon Mar 16 2009 - 01:16:28 PDT