- Information Security Handbook
- Darren Death
- 311字
- 2021-07-02 21:55:51
Closing information system vulnerabilities
As it relates to information security, a vulnerability is a weakness in a piece of technology (workstation, server, router, IOT, software, cloud, and so on), or a process (operational or management) that lessens the ability to provide assurance that the information system is secure.
In order to properly assess a vulnerability, three aspects of the vulnerability must be taken into account:
- Is the information system susceptible to a given flaw?
- Millions of vulnerabilities exist. You must ascertain if your information system:
- Meets the criteria where the vulnerability exists to include the specific version identified by the vendor
- For example, version 1.01 of a piece of software may be vulnerable to an exploit, while version 1.02 is not
- Millions of vulnerabilities exist. You must ascertain if your information system:
- Can an attacker access the information system in order to take advantage of the flaw?
- Depending on the piece of technology, an attacker may not have ready access to information systems in order to exercise the vulnerability
- This helps to inform the prioritization as it relates to enterprise vulnerability management (which vulnerabilities do you fix first?)
- Do sufficient means exist to exploit the flaw?
- If an active exploit exists in the wild for a given vulnerability, high priority should be given to mitigate the vulnerability in the information system
Based on careful review of the characteristics of vulnerabilities as it relates to your specific information system, the information security professional will be able to ascertain the attack surface for a given vulnerability and establish a priority for how the enterprise should mitigate the vulnerability.
It is important to understand that at any given time hundreds of vulnerabilities could exist in an information system. The information security professional must be able to prioritize critical vulnerabilities that must be patched immediately (all hands on deck) versus vulnerabilities that could be planned out more methodically and mitigated in a much more reasoned approach.

- Dreamweaver CS3網(wǎng)頁制作融會(huì)貫通
- 基于多目標(biāo)決策的數(shù)據(jù)挖掘方法評(píng)估與應(yīng)用
- 我也能做CTO之程序員職業(yè)規(guī)劃
- 激光選區(qū)熔化3D打印技術(shù)
- 筆記本電腦維修90個(gè)精選實(shí)例
- Silverlight 2完美征程
- WOW!Photoshop CS6完全自學(xué)寶典
- 單片機(jī)C51應(yīng)用技術(shù)
- PyTorch深度學(xué)習(xí)
- Hands-On Generative Adversarial Networks with Keras
- Mastering SQL Server 2014 Data Mining
- 軟件測(cè)試管理
- 洞察大數(shù)據(jù)價(jià)值:SAS編程與數(shù)據(jù)挖掘
- Building Analytics Teams
- Practical Autodesk AutoCAD 2021 and AutoCAD LT 2021