Professional Documents
Culture Documents
Information Security Management
Information Security Management
Information Security Management
Configuration Management
1. Planning.
4. Monitoring.
This phase identifies previously undiscovered or undocumented system
components, misconfigurations, vulnerabilities and unauthorized changes
— all of which can expose organizations to increased risk.
Automated tools help organizations to efficiently identify when the system
is not consistent with the approved baseline configuration and when
remediation actions are necessary.
The vulnerability management lifecycle
2. Focus on remediation
Prompt remediation of vulnerabilities and configuration issues is
essential, as attackers act quickly and continue to get better at
exploiting security gaps once identified.
Always perform frequent scans and have good situational awareness of
where these weak points are and fix them.
3. Track your remediation cadence over time
Understanding both the speed and success of your remediation
program is a key to understanding the effectiveness of your
vulnerability and configuration management efforts.
At the Verify phase, you not only need to validate whether the
required changes have been made but also evaluate metrics to your
performance.