A Guidance Framework For Developing and Implementing Vulnerability Management
© 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This presentation, including all supporting materials, is
proprietary to Gartner, Inc. and/or its affiliates and is for the sole internal use of the intended recipients. Because this presentation may contain information that is confidential,
proprietary or otherwise legally protected, it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.
Figure 1. The Vulnerability Management Cycle
[Figure not reproduced. Prework labels: Determine scope of program; Define roles and responsibilities; Select vulnerability assessment tools. Labels around the VM cycle: Identify assets; Scan; Report; Assign value; Gauge exposure; Add threat context; Remediate; Mitigate; Accept risk.]
Source: Gartner
ID: 410271
[Figure not reproduced. Asset context: Asset Exposure; Potential Business Impact. Vulnerability context: Threat Context; Vulnerability Severity.]
Source: Gartner
ID: 410271
[Figure not reproduced. Labels: Apply Fix; Apply Mitigation Controls; Approve Exception; Validate; Revisit on Expiration.]
Source: Gartner
ID: 410271