Vulnerability Management 101: Practical Experience and Recommendations

BSidesLV 2018

Presented by: Eric Bryan
Date: Tuesday August 07, 2018
Time: 18:00 - 18:25
Location: Proving Ground

Vulnerability management, in the context of information security, is a critical, but often overlooked aspect in a comprehensive security posture. Many organizations are limited by time and resources to simply fighting fires and operating in a reactive methodology. Without a clear, defined, and management-supported vulnerability management effort, an organization may continue to operate indefinitely with a reactive methodology. There are three overarching components of vulnerability management that are to be considered in this process: Vulnerability discovery -how does an organization become aware of existing or newly published vulnerabilities?Vulnerability notification -how does an organization communicate discovered vulnerabilities to those responsible for the affected system(s)?Remediation verification -how does an organization validate the remediation/justification responses of those responsible for remediation? In considering these three factors, I intend to communicate successful examples of vulnerability management from discovery to notification, remediation, and, finally, verification. Recommendations for organizations new to vulnerability management are also included.

Eric Bryan


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats