How Vulnerability Assessments Fit into Your Vulnerability Management Strategy
Vulnerability Assessment and Vulnerability Management Strategy
Posted on Tuesday, June 27th, 2017 by

Wouldn’t it be great if you could hit the gym one time and find yourself back at your college weight? Unfortunately, permanent weight loss and fitness don’t work this way, and neither does IT security.

A vulnerability assessment is an important first step to improving IT security, but no one ever got far with just one step. The vulnerability assessment (VA) is a great snapshot, but it needs to become part of an ongoing process in order to successfully eliminate security gaps.

Related post: The Difference Between Vulnerability Assessments and Vulnerability Management

 

Vulnerability assessments inform vulnerability management

A vulnerability assessment has a start date and an end date, but it should be part of an ongoing approach to securing your IT assets. Once you identify, quantify and prioritize your strengths and weaknesses through your VA, your work is only beginning. From there, you need to create a plan to prioritize and mitigate the risks you found. This is where vulnerability assessment dictates the recommendations and goals of a vulnerability management program.

 

When to Perform a VA?

You’ll want to perform VAs on a regular basis, either annually or semi-annually, or during milestone moments like adding systems through acquisition or other significant changes in the IT infrastructure. For example, if you’re designing or developing a new IT system, upgrading your infrastructure or applications, or reporting compliance, these are moments when a VA makes sense. Each time you run a VA, you’ll get the latest vulnerability information on your assets, the vulnerabilities that can potentially threaten them and indicators to strengthen your defenses.

 

For better ROI, don’t DIY your VA

So, if you need to have regular VAs in order to close security gaps, can you opt for an automated tool and perform assessments yourself? Maybe…but you’ll pay a bigger price in the end. VAs deliver reams of data. Some of it might indicate the need for a simple patch, and some of it might indicate a serious problem that requires server hardening, network reconfiguration or other in-depth responses. Having an expert on hand to help you identify the difference is essential.

 

Before you engage with a vendor, make sure you know what you’ll get. You’ll want someone who will sit down across from you after the assessment, explain the resulting report and recommend a roadmap to remedy security gaps – then do it all again when it’s time for your next VA.


Find out more about making VAs part of your ongoing IT security regimen. Download our free e-book, “Vulnerability Assessments: Gauging the Health of your Security Program.”

 


Robert Bond
About author:
Robert Bond is the Director of Marketing at Hitachi Systems Security. Robert is responsible for the education of prospective customers as well as the satisfaction and engagement of current customers. Robert has been in the information technology, security and digital forensic industries for over 15 years. He has a bachelor’s degree from the University of Maryland and an MBA in marketing from Indiana University.
