CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
8CIOReview | | JUNE 2022IN MY OPINIONMATURITY OF VULNERABILITY MANAGEMENT IN SECURING AN ORGANIZATION'S IT ASSETS By Nichole Bray, Director of Vulnerability Management, Global Tech Information Security, WalmartTechnology is used in every part of our lives and new solutions are continuously being developed. These solutions are more complex, integrated and essential. The speed to resolving technology weaknesses has become more crucial and requires building in security at all levels. Organizations must have a defense against known security flaws and processes for keeping up with emerging security challenges. Vulnerability Management fulfills this critical role as the process of identifying, evaluating, addressing and reporting security issues in systems and the software deployed. The continuous lifecycle affords a persistent level of defense and is an integral part of any security strategy. The outcome is understanding where and how a company's data lives and is accessed, identifying where potential weaknesses exist, evaluating them against security controls deployed and making informed decisions about necessary corrections and how quickly to ensure company assets and customer data are secure. This is essential for prioritizing possible threats and minimizing attack surface; a discipline constantly evolving and requiring a balance of science and art. Success rests in understanding the extent of the organization's environment and its changes. Accuracy in data is vital to addressing any identified finding; pinpointing where weakness exists as well as knowing who is responsible for that technology and how it can be leveraged as a threat. Most importantly is company culture, commitment and leadership dedication to data security. Vulnerability Management today Traditionally, this discipline has been regarded as port scanning of a company's external IP space and ensuring a sound patch management program is in place to address security weaknesses associated with third-party systems. Over time, the capabilities Nichole Bray
< Page 7 | Page 9 >