
Risk Management: Understand Vulnerabilities First

It's easy to see where an organization underspent or overspent in the evaluation and mitigation of risks: there's almost always a point where, in hindsight, the right amount of control is discovered. The solution, according to Peter Spier, is a mix of business-minded and technical risk management. The balance helps create a solution that is effective in terms of both cost and needs. By using the Common Vulnerability Scoring System (CVSS), an organization can identify “vulnerability access vectors, complexity, authentication requirements, and the potential impact to confidentiality, integrity, and availability.”

However, having security controls in place doesn't make you invulnerable. For example, suppose a database server is identified as being prone to one or more SQL injection vulnerabilities. It is isolated to a dedicated network segment, with established access controls restricting communications to authorized internal hosts, and all network assets are protected by host-based and perimeter security controls including, respectively, both anti-virus protection and an intrusion prevention system. While the probability of exploit is arguably contained, the vulnerability remains.

This is one of the reasons why understanding vulnerabilities is essential: without that understanding, it is impossible to recognize what will and will not be effective in managing them, what risks will still exist, or what vulnerabilities were not addressed.

About Matthew Kabik

Matthew Kabik is the former Editor of Computer Aid's Accelerating IT Success. He worked at Computer Aid, Inc. from 2008 to 2014 in the Harrisburg offices, where he was a copywriter, swordsman, social media consultant, and trainer before moving into editorial.
