CIOReview | | 9 DECEMBER 2022

acute understanding of the environment, controls deployed and knowledge of attack vectors that can be used for potential exploitation of a weakness against these controls at each level in the security stack. This complex analysis determines the level of severity and prioritization for remediation to deter possible impact to the business.

Remediation:

Remediation of vulnerabilities typically requires actions of the solution owner. This unanticipated work for the technologist can come at any time based on potential exposure, typically against planned schedules and often new to the technologist's thinking. The art of Vulnerability Management lies in working with the solution owner to resolve issues in a timely manner by clearly communicating the details of the security finding and the associated risk. This often requires collaboration across the enterprise: helping technologists overcome obstacles, training in secure methods, analyzing trends, recognizing and resolving systemic issues, and tracking and reporting resolution of identified findings. This stage of Vulnerability Management is where you see key elements of the company culture in action.

Automation:

Vulnerability Management efforts are often commensurate with the size of the company's technology footprint. For large companies, this may require a dedicated team to aggregate data from multiple sources and correlate finding details with asset management as well as ownership information in a continuous, repeatable process. Given the sensitive nature of the discoveries, this data needs strong controls and must be available on demand, presented in a consumable way to notify, monitor and track remediation efforts.

The future

Companies must evolve to stay ahead in today's global environment. Security and technology must be integrated with the business to adapt to the rapid pace. This involves being vigilant in updating solutions critical to organizations' operations and mission as well as eliminating solutions with dated/immature security controls to reduce organizations' security footprint from potential exposure.

Availability and accessibility of cloud processing allow for solutions to be deployed faster, which creates additional challenges for Vulnerability Management. The ephemeral nature of cloud technology can offer a level of obfuscation from threat actors, but does not remove a solution's weaknesses. This transitory nature also challenges traditional tracking methods for Vulnerability Management. Innovation is providing capabilities for detection of insecure code/configuration and preventing security flaws prior to deployment. As technology changes, ensuring adaptive security controls to protect any environment is crucial. Vulnerability Management will continue to search for weaknesses not detected and for innovative ways to automate mitigation along with providing insight into where education, practices and hardening of controls need to improve.

Vulnerability Management fulfills this critical role as the process of identifying, evaluating, addressing and reporting security issues in systems and the software deployed