Vulnerability management has always been a cornerstone of a sound information security program, but the reality is that traditional scanners uncover far more vulnerabilities than any business can adequately address. Traditional risk management practices also have a very technical focus: they report risk per server, IP address, or other infrastructure element, and the challenge is that these are seldom understood by the business. With vulnerabilities spread throughout the network, an effective way to understand and prioritize remediation efforts can have a major impact on both security and business productivity. Recent breaches at retailers such as Target, Neiman Marcus and Michaels have all made front-page news, further highlighting the need for business stakeholders to be aware of, and accountable for, the IT security risks in their business units.
Gartner has noted this problem as well, as they wrote in a recent report, “Risk and the accountability for risk acceptance are – and should be – owned by the business units creating and managing those risks.”
Vulnerability management needs to be viewed differently: security teams educate the business on IT risks, but ultimately the decision of what to remediate, and when, becomes a business decision. This is why we announced today our partnership and integration with Qualys, which sets out to address exactly this challenge.
In our latest educational security management video series, Professor Wool examines how to take vulnerability management to the next level by enabling IT risk to be viewed in a business context. Enjoy!