Vulnerability Management Flashcards
1
Q
What does a vulnerability assessment seek to identify?
A
Any issues in a network, application, database or other system before it is used. This is a formal process.
2
Q
What is the practice of finding vulnerabilities?
A
Vulnerability management.
Note: The process is Scan > Patch > Scan, repeating of course.
3
Q
What 3 questions can help scope your vulnerability assessments?
A
- What is the value of information that would be compromised?
- What is the threat your system is facing?
- What mitigation strategy could you deploy?
4
Q
Summarize the vulnerability process in 5 steps
A
- Define the desired state of security (you can't stop every threat and you can't protect yourself from everything equally)
- Create a baseline (set your “normal”)
- Prioritize the vulnerabilities (which ones should be addressed first?)
- Mitigate vulnerabilities (patching, controls, configurations)
- Monitor the network and systems, then rinse/repeat