How to Develop an IT Vulnerability Assessment

In information security, a vulnerability is a weakness in an asset or a control that can be exploited by one or more threats, which makes it a security risk. One way to protect information is to identify, assess, prioritize and correct the weaknesses found in your assets.

This activity is known as a vulnerability assessment. It aims to find weaknesses in software or hardware platforms so that they can be fixed before they cause a negative impact.

Every security analyst knows that managing vulnerabilities in a corporate network is a never-ending task. According to the study “2017 Enterprise Management Associates”, there are on average 10 vulnerabilities for each IT asset, which amounts to an average of about 20,000 vulnerabilities that a midmarket company has to manage at any given time. It is no wonder, then, that 74% of security teams said they were overwhelmed by the amount of vulnerability maintenance work.

With all the stress and staff shortages that many teams face due to the cyber security skills crisis, how can these security teams handle the huge volume of vulnerabilities? While it is practically impossible to resolve every vulnerability, with automation and a correct definition of priorities, security teams can keep vulnerabilities to a manageable level and take care of those that present the greatest risk to the organization.

A vulnerability assessment will help you avoid these kinds of mistakes by helping you make informed business decisions. Instead of approaching security in a dispersed manner, you can use your resources to improve data protection in a meaningful way.

IT managers must protect the weak links in their IT systems, but first they need to know where those weaknesses are. Here’s an IT vulnerability assessment checklist on how to perform or develop an IT vulnerability assessment to establish a security strategy that’s right for your business.

Analyze Critical Business Processes

To put the vulnerabilities of your computer system into perspective, you must first make sure you understand your company's business processes, especially those that require high levels of compliance and confidentiality. With the support of the various departments of the company, including finance and legal affairs, take the time to identify these processes and the information, applications and infrastructure on which they are based, and then rank them in order of importance.

Remember to consider “hidden” data. The most recent and sensitive information is often found on the mobile phones and the laptop or desktop computers of employees and suppliers. Make sure you understand who uses these devices and how this data flows. Check whether these people are sending professional information through public email services, such as Gmail or Yahoo!. Corporate branches and the IT department, which use sensitive data to test new applications, can also be weak links.

Perform “Mapping” of the Network

Once the critical processes are identified, inventory the hardware to get an overview of your network. Identify virtual and physical servers and storage devices, especially those that deliver important applications or contain sensitive information. Include routers and network devices that support the speed and security of your applications and hardware.

Also, list the security measures already implemented to protect important hardware: internal policies, firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPNs), and leak prevention systems.

Conduct research and call vendors to ensure you understand the features and protection offered by these devices.

Detect Vulnerabilities

Once this inventory is completed, it is time to move to the actual security analysis. Use a vulnerability scanner to detect vulnerabilities in your system. This analysis will generate a multitude of results, ranked in order of severity. The analysis of this highly technical report is often laborious and complex, and it is sometimes useful to entrust it to a security company.

Analyze the Results

Always analyze the results against your specific context and business processes. Some vulnerabilities need to be addressed without delay, such as those that could put at risk one or more important or sensitive business processes, while others require less attention, such as those affecting infrastructure already protected by multilayer systems. Finally, if your vulnerability analysis recommends installing various updates and patches for different software, it may be worth considering an integrated security solution.
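
The steps above (ranked business processes, an inventory that records existing protections, scanner severities) can be combined into one triage pass. The following is an added example, not part of the original post; the host names, findings and the weighting formula are constructed assumptions chosen only to illustrate the idea.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    process_rank: int   # 1 = supports the most important business process
    controls: tuple     # protections already recorded in the inventory

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    severity: float     # scanner severity, 0.0 to 10.0

# Constructed sample data (hypothetical hosts and findings).
RANKED_PROCESSES = 4
ASSETS = [
    Asset("payroll-db", 1, ()),
    Asset("web-shop", 2, ("firewall",)),
    Asset("intranet-wiki", 4, ("firewall", "idps", "vpn")),
]
FINDINGS = [
    Finding("intranet-wiki", "outdated CMS", 9.8),
    Finding("test-server-07", "default credentials", 8.0),
    Finding("web-shop", "missing patch", 7.5),
    Finding("payroll-db", "weak TLS configuration", 6.5),
]

def priority(finding, asset, ranked_processes=RANKED_PROCESSES):
    """Scanner severity adjusted for business context (assumed weights)."""
    # Assets behind higher-ranked processes keep more of their severity.
    criticality = 1.0 - (asset.process_rank - 1) / ranked_processes
    # Assumption: each existing control layer cuts urgency by 15%, max 45%.
    mitigation = 1.0 - min(len(asset.controls), 3) * 0.15
    return round(finding.severity * criticality * mitigation, 1)

def triage(findings, assets):
    """Return (findings ordered by priority, findings on uninventoried hosts)."""
    by_name = {a.name: a for a in assets}
    known = [f for f in findings if f.asset in by_name]
    unknown = [f for f in findings if f.asset not in by_name]
    known.sort(key=lambda f: priority(f, by_name[f.asset]), reverse=True)
    return known, unknown

if __name__ == "__main__":
    ranked, unknown = triage(FINDINGS, ASSETS)
    for f in ranked:
        print(f.asset, f.title, f.severity)
    for f in unknown:
        print("not in inventory:", f.asset, f.title)
```

With this sample data the unprotected payroll database moves ahead of the scanner's top-rated finding on the well-protected wiki, and the finding on a host missing from the inventory is reported separately as a gap in the network mapping.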

Final Words

In conclusion, a well-conducted IT vulnerability assessment will allow you to target your priorities, establish a security strategy tailored to your needs, use your resources wisely and better protect your business.

Your team will save time and money, and your entire organization will win!

Originally posted 2019-10-10 22:42:25. Republished by Blog Post Promoter

The post How to Develop an IT Vulnerability Assessment appeared first on Information Technology Blog.


