From SANS: How to Show Business Benefit by Moving to Risk-Based Vulnerability Management

In this buyer’s guide, you’ll learn which technologies you need to assess, prioritize and remediate your most critical vulnerabilities.

Vulnerability assessment has been a security requirement for every major regulatory agency over the last 15 years. Yet, time and again, after-incident reports reveal that costly breaches, causing millions of dollars in damage, are a result of known vulnerabilities that went unpatched due to a lack of connection to business criticality.

In this whitepaper written by SANS security expert, John Pescatore, you’ll learn how to avoid this “lack of context” trap by adopting a risk-based approach to vulnerability management. Reading this paper will help you answer several key security questions including:

• How do I measure the business risk underlying any given vulnerability?
• What concrete steps can I take to migrate to a risk-based VM program?
• Which questions and selection criteria should I consider when evaluating technology products and vendors?

Sponsored by Tenable, this paper delivers insights and advice to help your security team reduce time to mitigate and achieve the greatest reduction in business risk with your limited security resources.

Author:

John Pescatore

Director of Emerging Security Trends, SANS Institute