Vulnerability Management Paper

What is vulnerability management? It is the practice of identifying, classifying, remediating, and mitigating vulnerabilities, especially in software and firmware (Wheeler, 2011). Vulnerability management is a continuous information security risk process that requires management oversight. There are four high level processes that encompass vulnerability management. They are Discovery, Reporting, Prioritization and Response. Each process and sub processes within it need to be part of a continuous cycle focused on improving security and reducing the risk profile of network assets. It is an integral to computer security and network security (Gallager, 2010). Discovery is the process by which network assets are found, categorized and assessed.
Start with a small scope to prevent being overwhelmed by thousands of vulnerabilities. This can be done by starting out with a few systems, or by limiting the results to critical\high. This phase is the responsibility of the security officer. It is important to obtain an agreement which systems will be included or excluded from the vulnerability management process (Palmer, 2013). Once the preparation phase is complete, the initial vulnerability scans are performed. If any issues which occurs during the scans they should be recorded since it could happen again in future scans. Vulnerability scanning tools offer a wide range of reporting options. It is necessary to use them to create a various number of reports. the security officer will be interested in the risk the organization is currently facing, this risk includes number of vulnerabilities detected and the severity/risk rating of the identified vulnerabilities.
Once the initial scan is done, the next phase is defining remediating actions. This involves the asset owner, security officer, and the IT department. The security officer will analyze the vulnerabilities, determine the associated risks and will provide input on