A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness.
- Implement Vulnerability Management as a Program That Involves Discovery, Prioritization and Then Treatment
- Don’t Bring Superstition to a Fact Fight
- Zero Day, a Problem or Not?
- The Vulnerability Landscape
- Taking a Risk-Based Approach, Correlate Asset Value, Severity of Vulnerabilities and Threat Actor
- Use Tools to Automate Vulnerability Treatment Prioritization
- Use a Risk-Based Approach to Employ Mitigating Controls to Reduce the Attack Surface When You Are Unable to Patch Vulnerabilities
Gartner Recommended Reading