Vulnerability Management and Assessment Phase


The vulnerability management life cycle is a crucial procedure that helps locate and fix security flaws before they can be exploited. It entails establishing the organization's risk posture and policies, compiling a comprehensive inventory of all the systems it owns, scanning and evaluating the environment for exposures and vulnerabilities, and acting to mitigate the vulnerabilities found.

PHASES

There are six phases in total, grouped into three categories: the Pre-Assessment, Assessment, and Post-Assessment phases.

Pre-Assessment Phase

This category consists of one phase, Identify Assets and Create a Baseline. This phase identifies critical assets and prioritizes them to define risk based on the criticality and value of each system. The following steps are involved in creating a baseline:
  • Identify and understand business processes
  • Identify the applications, data, and services that support the business processes and perform code reviews
  • Identify approved software, drives, and the basic configuration of each system
  • Create an inventory of all assets, and prioritize/rank critical assets
  • Understand the network architecture and map the network infrastructure
  • Identify the controls already in place
  • Understand policy implementation and standards compliance
  • Define the scope of the assessment
  • Create information protection procedures to support effective planning, scheduling, coordination, and logistics

Vulnerability Assessment

This category consists of one phase, Vulnerability Scan. In this phase, the security analyst performs a vulnerability scan of the network to identify known vulnerabilities in the organization's infrastructure. The ultimate goal of vulnerability scanning is to scan, examine, evaluate, and report the vulnerabilities in the organization's information system. Steps involved in the assessment phase:
  • Examine and evaluate the physical security
  • Check for misconfigurations and human errors
  • Run vulnerability scans using tools
  • Select the type of scan based on the organization or compliance requirements
  • Identify and prioritize vulnerabilities
  • Identify false positives and false negatives
  • Apply the business and technology context to scanner results
  • Perform OSINT information gathering to validate the vulnerabilities
  • Create a vulnerability scan report

Post-Assessment Phase

This category consists of four phases. The post-assessment phase is also known as the recommendation phase; it follows the assessment and builds on the risk assessment. Post-assessment includes Risk Assessment, Remediation, Verification, and Monitoring.

  • Risk Assessment: The risk assessment summarizes the vulnerabilities and the risk level identified for each of the selected assets. The tasks performed in the risk assessment phase include:
    • Perform Risk Categorization (critical, high, medium, and low)
    • Assess the level of impact
    • Determine the threat and risk levels
  • Remediation: It is the process of applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities. The tasks performed in the remediation phase include:
    • Prioritize remediation based on the risk ranking
    • Develop an action plan to implement the recommendation
    • Perform root cause analysis
    • Apply patches/fixes
    • Capture lessons learned
    • Conduct awareness training
  • Verification: This phase provides clear visibility into the organization and allows the security team to check whether all the previous phases have been properly carried out. The tasks performed in the verification phase include:
    • Rescan of systems to identify if the applied fix has remediated the vulnerability
    • Perform dynamic analysis
    • Review attack surface
  • Monitor: Continuous monitoring identifies potential threats and any new vulnerabilities that have evolved. The tasks performed in the monitor phase include:
    • Periodic Vulnerability scan and assessment
    • Timely remediation of identified vulnerabilities
    • Review intrusion detection and intrusion prevention logs
    • Implementation of policies, procedures, and controls
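The risk assessment, remediation and verification phases above can be tied together in a small tracker. The following is an added example, not code from the original post: it assumes a constructed asset baseline (ASSETS), constructed scanner findings with hypothetical check identifiers (CHK-*), and a rescan result expressed as the set of (asset, check) pairs still detected.

```python
from dataclasses import dataclass

# Constructed sample data; nothing here comes from a real environment or scan.
# Baseline from the pre-assessment phase: asset name -> business criticality.
ASSETS = {"web-01": "critical", "hr-db": "high", "kiosk-07": "low"}

LEVELS = ["low", "medium", "high", "critical"]       # risk categories used above
WEIGHT = {name: i for i, name in enumerate(LEVELS)}   # low=0 ... critical=3


@dataclass
class Finding:
    asset: str
    check_id: str      # the scanner's identifier for the weakness (hypothetical values)
    cvss: float        # base score reported by the scanner
    status: str = "open"


def severity_weight(cvss: float) -> int:
    """Bucket a CVSS base score onto the same 0-3 scale as asset criticality."""
    return 3 if cvss >= 9.0 else 2 if cvss >= 7.0 else 1 if cvss >= 4.0 else 0


def risk_category(f: Finding, assets: dict = ASSETS) -> str:
    """Risk assessment step: apply business context (asset criticality) to the
    scanner result, so a medium CVSS on a critical asset can outrank a high CVSS
    on a low-value kiosk. Unknown assets are treated as low criticality."""
    score = severity_weight(f.cvss) + WEIGHT[assets.get(f.asset, "low")]  # 0..6
    return LEVELS[min(3, score // 2)]  # 0-1 low, 2-3 medium, 4-5 high, 6 critical


def remediation_queue(findings: list, assets: dict = ASSETS) -> list:
    """Remediation step: order open findings by risk ranking, then by raw CVSS."""
    open_ones = [f for f in findings if f.status == "open"]
    return sorted(open_ones, key=lambda f: (WEIGHT[risk_category(f, assets)], f.cvss),
                  reverse=True)


def verify(findings: list, rescan: set) -> dict:
    """Verification step: `rescan` is the set of (asset, check_id) pairs still detected.
    Tracked findings absent from the rescan are closed; anything not previously
    tracked is reported as new so the monitoring phase feeds the next cycle."""
    known = {(f.asset, f.check_id) for f in findings}
    for f in findings:
        f.status = "open" if (f.asset, f.check_id) in rescan else "remediated"
    return {"remediated": [f for f in findings if f.status == "remediated"],
            "still_open": [f for f in findings if f.status == "open"],
            "new": sorted(rescan - known)}
```

With the constructed data, the kiosk's CVSS 9.8 finding ranks only medium while the CVSS 6.5 finding on the critical web server ranks high, which is the effect of applying business context to scanner output.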
