OWASP Vulnerability Management Guide (OVMG) - June 1, 2020
3.1 Prioritize

| 3.1 | TASK | INPUT | OUTPUT |
|---|---|---|---|
| | Prioritize Vulnerabilities | 1.1 Scope; 2.1 Asset Groups; 2.4 Reports | 3.2 Remediation |
| # | TO-DO | WHY |
|---|---|---|
| 3.1.1 | Use your reports | To prioritize remediation work, you need to use metrics from your reports amplified by assets' criticality to your organization. |
| 3.1.2 | Use trend analysis | What are the areas where the trend is going up and how do we normalize them? These areas should be prioritized. |
| 3.1.3 | Use information from additional sources | It pays off to stay current on cybersecurity news: zero-days, significant ransomware exploits, etc. This news may shift the priorities of your remediation work. |
| 3.1.4 | Apply other environmental factors | Your organization has daily, weekly, monthly, and quarterly priorities. Based on the function of each team, these priorities may be dominant or secondary. Think about how vulnerability management may feed into other teams' goals. |
| 3.1.5 | Communicate to responsible and accountable stakeholders | In 2.3.1, we discussed the use of the ticketing system. Augment it with personal written and verbal communication. It largely depends on your organizational culture, but above all, human relations go a long way. You have to build support among your coworkers. |
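One way to combine 3.1.1 through 3.1.3 into a remediation ranking, as an added example that is not part of the OVMG itself. The field names, the 1 to 5 criticality scale, the doubling for groups touched by an actively exploited issue, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class GroupReport:
    """Per-asset-group metrics as they might come out of the 2.4 reports."""
    name: str
    criticality: int           # assumed scale: 1 (low) .. 5 (business critical)
    open_by_period: list       # open high/critical findings, oldest period first
    in_the_news: bool = False  # affected by a zero-day or active campaign (3.1.3)

def trend_slope(series):
    """Least-squares slope of open findings per reporting period (3.1.2)."""
    n = len(series)
    if n < 2:
        return 0.0             # a single report carries no trend
    mean_x = (n - 1) / 2
    mean_y = sum(series) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(series))
    den = sum((x - mean_x) ** 2 for x in range(n))
    return num / den

def priority(group, news_boost=2.0):
    """Score = report metric amplified by criticality, plus rising trend."""
    base = group.open_by_period[-1] * group.criticality       # 3.1.1
    # Only a trend that is going up adds urgency; a falling one adds nothing.
    rising = max(trend_slope(group.open_by_period), 0.0) * group.criticality
    score = base + rising
    return score * news_boost if group.in_the_news else score  # 3.1.3

def rank(groups):
    """Highest remediation priority first."""
    return sorted(groups, key=priority, reverse=True)

# Constructed sample data, not taken from any real environment.
REPORTS = [
    GroupReport("payment-api", 5, [4, 6, 9]),
    GroupReport("intranet-wiki", 2, [20, 18, 15]),
    GroupReport("vpn-gateways", 4, [6, 6, 6], in_the_news=True),
    GroupReport("build-agents", 3, [2, 5, 11]),
]

if __name__ == "__main__":
    for g in rank(REPORTS):
        slope = trend_slope(g.open_by_period)
        print(f"{g.name:14} score={priority(g):5.1f} trend={slope:+.1f}")
```

The group with the most raw findings (intranet-wiki) ranks last here because its criticality is low and its trend is falling, which is the effect 3.1.1 and 3.1.2 describe.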