Implement a Risk-Based Approach to Vulnerability Management

Published: 21 August 2018 ID: G00356414

Analyst(s): |

Purchase this Document

Price: $195.00 USD (PAGES: 17)

To purchase this document, you will need to register or sign in above.


A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness.

Table of Contents

  • Introduction
  • Analysis
    • Implement Vulnerability Management as a Program That Involves Discovery, Prioritization and Then Treatment
      • Don’t Bring Superstition to a Fact Fight
      • Zero Day, a Problem or Not?
      • The Vulnerability Landscape
    • Taking a Risk-Based Approach, Correlate Asset Value, Severity of Vulnerabilities and Threat Actor
    • Use Tools to Automate Vulnerability Treatment Prioritization
    • Use a Risk-Based Approach to Employ Mitigating Controls to Reduce the Attack Surface When You Are Unable to Patch Vulnerabilities
  • Gartner Recommended Reading
© 2018 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more

Call +1 855-515-4486 or contact us

to become a Gartner client.