Section 22.215 Vulnerability Response and Remediation Flashcards
Objective 4.3 Explain various activities associated with vulnerability management
Vulnerability Response and Remediation
Involves strategies and actions for identifying, assessing, and addressing vulnerabilities
■ Aims to mitigate risks associated with known vulnerabilities
Patching
Process of applying updates to fix software, system, or application vulnerabilities
■ Patches released by software vendors
■ End users must update their software to apply security patches
Insurance Policy
Procuring a cybersecurity insurance policy as a risk management strategy
■ Mitigates financial losses resulting from cyber incidents (data breach, network outage, business interruption)
■ Covers mitigation, remediation, recovery costs, legal fees, public relations, and customer notification
Network Segmentation
Dividing a network into smaller segments to improve performance and security
■ Isolates segments from each other to prevent threat propagation
Compensating Controls
Alternative security measures used when standard controls cannot be effectively implemented
■ Tailored to provide equivalent protection
Exception and Exemption
■ Exception: Temporarily relaxing or bypassing security controls or policies for operational business needs, with an understanding of associated risks
■ Exemption: A permanent waiver of security controls or policies due to specific reasons, often for legacy systems