
A Guidance Framework for Developing and Implementing Vulnerability Management
Downloadable Figures
Augusto Barros, Anna Belak, Michael Clark

© 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This presentation, including all supporting materials, is
proprietary to Gartner, Inc. and/or its affiliates and is for the sole internal use of the intended recipients. Because this presentation may contain information that is confidential,
proprietary or otherwise legally protected, it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.
Figure 1
The Vulnerability Management Cycle

Prework (done once, then refined):
- Determine scope of program
- Define roles and responsibilities
- Select vulnerability assessment tools
- Create and refine policy and SLAs
- Identify asset context sources

Cycle:
Identify assets -> Scan -> Assign value -> Gauge exposure -> Add threat context -> Remediate / Mitigate / Accept risk -> Report -> Rescan -> Validate -> Eliminate underlying issues -> Evaluate metrics -> Evolve process and SLA -> (back to Identify assets)

Source: Gartner
ID: 410271



Figure 2
Primary Components of Vulnerability Prioritization

Asset context:
- Asset Exposure
- Potential Business Impact

Vulnerability context:
- Threat Context
- Vulnerability Severity



Figure 3
Decision Workflow for Handling a Vulnerability

Identify Vulnerability -> Possible to Remediate?
  Yes -> Apply Fix -> Validate
  No  -> Possible to Mitigate?
    Yes -> Apply Mitigation Controls -> Validate
    No  -> Accept Risk?
      Yes -> Approve Exception -> Revisit on Expiration

