Vulnerability management might be modern, but it’s based on ancient strategies. A Crowe cybersecurity professional explains why it’s a critical tool on the cybersecurity battleground.
Attacks, Trojan horses, espionage, and takeovers make today’s cybersecurity landscape seem like a 21st-century battleground. While the environment in which these battles occur has changed dramatically over the centuries, ancient strategies still apply – specifically those of the sixth-century B.C. military general, philosopher, and strategist Sun Tzu.
Companies that know themselves, especially their strengths and weaknesses, can more effectively determine whether today’s digital threats are just a nuisance or are severe enough to shut down operations. Vulnerability management (VM) is the modern corporate method organizations can use to identify, track, respond to, and remediate cybersecurity weaknesses before they are exploited.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu
To know themselves, organizations must define policies and procedures to find, track, and fix cybersecurity vulnerabilities. An organization’s vulnerability management program often resides with its information security function. Information security is responsible for gathering the details, tracking vulnerabilities through remediation, handling exceptions, and, if necessary, facilitating the discussion that balances risk to the organization against the level of effort, prioritization, and cost. For the VM program to succeed and to raise the security bar for the organization, the information security function must work with the system owners and the development team.