Wikipedia

Vulnerability management

Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities.[1] It is integral to computer security and network security, and must not be confused with vulnerability assessment, which is a point-in-time evaluation rather than an ongoing process.[2]

Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities,[3] such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as the NVD or vendor-specific security updates, or by subscribing to a commercial vulnerability alerting service. Unknown vulnerabilities, such as a zero-day,[3] may be found with fuzz testing. Fuzz testing can identify certain kinds of vulnerabilities, such as a buffer overflow, given relevant test cases, and such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).

Correcting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.
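The cycle described above (identify against a feed such as the NVD, classify by CVSS band, prioritize, then remediate with a patch or mitigate with a configuration or network change) is shown below as an added example. It is not code from the article or any of its cited sources. The advisory feed, the asset inventory, the "ADV-" identifiers, the 2.0 exposure weighting and the SLA_DAYS policy are all constructed for illustration; the advisory fields are modelled loosely on what NVD and vendor bulletins publish, and the version-range check is a simplification of the ecosystem-specific parsing real feeds require.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed advisory feed (not real data): identifier, affected package,
# affected range [introduced, fixed), CVSS v3 base score. fixed=None means
# no patched release exists yet.
ADVISORIES = [
    {"id": "ADV-0001", "package": "libexample", "introduced": "1.0.0", "fixed": "1.4.2", "cvss": 9.8},
    {"id": "ADV-0002", "package": "webfront",   "introduced": "2.0.0", "fixed": "2.3.0", "cvss": 7.5},
    {"id": "ADV-0003", "package": "libexample", "introduced": "1.2.0", "fixed": "1.3.0", "cvss": 4.3},
    {"id": "ADV-0004", "package": "dbkit",      "introduced": "5.0.0", "fixed": "5.0.9", "cvss": 5.9},
    {"id": "ADV-0005", "package": "webfront",   "introduced": "2.0.0", "fixed": None,    "cvss": 6.5},
]

# Constructed asset inventory: installed package versions per host, plus
# whether the host is reachable from the internet (the exposure factor).
INVENTORY = [
    {"host": "edge-01", "package": "libexample", "version": "1.2.5", "internet_facing": True},
    {"host": "edge-01", "package": "webfront",   "version": "2.1.0", "internet_facing": True},
    {"host": "db-01",   "package": "dbkit",      "version": "5.0.3", "internet_facing": False},
    {"host": "db-01",   "package": "libexample", "version": "1.4.2", "internet_facing": False},
]

# Assumed remediation policy: days allowed to close a finding, per CVSS band.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def parse_version(v):
    """Dotted numeric versions only (simplification of real version schemes)."""
    return tuple(int(part) for part in v.split("."))


def is_affected(version, introduced, fixed):
    """True if introduced <= version < fixed, or version >= introduced when unfixed."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


@dataclass(frozen=True)
class Finding:
    host: str
    package: str
    version: str
    advisory: str
    fixed: Optional[str]
    cvss: float
    internet_facing: bool

    @property
    def severity(self):
        """Classification step: CVSS v3 qualitative rating bands."""
        if self.cvss >= 9.0:
            return "critical"
        if self.cvss >= 7.0:
            return "high"
        if self.cvss >= 4.0:
            return "medium"
        return "low" if self.cvss > 0 else "none"

    @property
    def priority(self):
        """Base score says how bad; exposure says how reachable. An internet-facing
        host gets +2.0 (assumed weighting) so it outranks an internal host with
        the same score."""
        return self.cvss + (2.0 if self.internet_facing else 0.0)


def identify(inventory, advisories):
    """Identification step: match every installed package against the feed."""
    findings = []
    for item in inventory:
        for adv in advisories:
            if adv["package"] == item["package"] and is_affected(
                    item["version"], adv["introduced"], adv["fixed"]):
                findings.append(Finding(item["host"], item["package"], item["version"],
                                        adv["id"], adv["fixed"], adv["cvss"],
                                        item["internet_facing"]))
    return findings


def prioritize(findings):
    """Prioritization step: highest priority first, advisory id as a stable tie-break."""
    return sorted(findings, key=lambda f: (-f.priority, f.advisory))


def plan_remediation(findings, today_iso):
    """Remediation step: upgrade when a fix exists, otherwise mitigate; the due
    date comes from the severity band."""
    today = date.fromisoformat(today_iso)
    plan = []
    for f in findings:
        if f.fixed is not None:
            action = f"upgrade {f.package} {f.version} -> {f.fixed}"
        else:
            action = f"mitigate {f.package}: no fix published; reduce exposure until one is"
        due = today + timedelta(days=SLA_DAYS.get(f.severity, 180))
        plan.append({"host": f.host, "advisory": f.advisory, "severity": f.severity,
                     "action": action, "due": due.isoformat()})
    return plan


def diff_cycles(previous_open, findings):
    """The practice is cyclical: compare this scan with the last one.
    Keys are (host, advisory); returns (new, still_open, closed)."""
    current = {(f.host, f.advisory) for f in findings}
    return current - previous_open, current & previous_open, previous_open - current


if __name__ == "__main__":
    for row in plan_remediation(prioritize(identify(INVENTORY, ADVISORIES)), "2024-01-01"):
        print(row)
```

Two things the constructed data is chosen to show: the medium-scored ADV-0003 on the internet-facing host ranks above the slightly higher-scored ADV-0004 on the internal database host, because exposure is part of prioritization and not only the base score; and ADV-0005, which has no fixed release, produces a mitigation task rather than an upgrade, which is the remediate-or-mitigate distinction in the definition above.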

Project vulnerability management

Project vulnerability is a project's susceptibility to negative events, the analysis of their impact, and the project's capacity to cope with them.[4] Based on systems thinking, project systemic vulnerability management takes a holistic view and proposes the following process:

  1. Project vulnerability identification
  2. Vulnerability analysis
  3. Vulnerability response planning
  4. Vulnerability controlling – which includes implementation, monitoring, control, and lessons learned

Coping with negative events is done, in this model, through:

  • resistance – the static aspect, referring to the capacity to withstand instantaneous damage, and
  • resilience – the dynamic aspect, referring to the capacity to recover in time.

Redundancy is a specific method to increase resistance and resilience in vulnerability management.[5]

Antifragility is a concept introduced by Nassim Nicholas Taleb to describe the capacity of systems to not only resist or recover from adverse events, but also to improve because of them. Antifragility is similar to the concept of positive complexity proposed by Stefan Morcov.

See also

  • Application security
  • Full disclosure
  • IT risk
  • Long-term support
  • Project management
  • Project complexity
  • Risk management

References

  1. ^ Foreman, Park (2010). Vulnerability management. Boca Raton: CRC Press. p. 1. ISBN 978-1-4398-0151-2. OCLC 444700438.
  2. ^ Walkowski, Michał; Oko, Jacek; Sujecki, Sławomir (19 September 2021). "Vulnerability Management Models Using a Common Vulnerability Scoring System". Applied Sciences. 11 (18): 8735. doi:10.3390/app11188735.
  3. ^ a b Juuso, Anna-Maija; Takanen, Ari (October 2010). Unknown Vulnerability Management. Codenomicon whitepaper.
  4. ^ Marle, Franck; Vidal, Ludovic-Alexandre (2016). Managing Complex, High Risk Projects. London: Springer London. p. [page needed]. doi:10.1007/978-1-4471-6787-7. ISBN 978-1-4471-6785-3. OCLC 934201504.
  5. ^ Nassim N. Taleb, Daniel G. Goldstein (2009-10-01). "The Six Mistakes Executives Make in Risk Management". Harvard Business Review. ISSN 0017-8012. Retrieved 2021-12-13.

External links

  • "Implementing a Vulnerability Management Process". SANS Institute.
