{"id":257,"date":"2016-06-23T23:51:00","date_gmt":"2016-06-23T23:51:00","guid":{"rendered":"https:\/\/securityeverafter.com\/2016\/06\/23\/an-approach-to-vulnerability-management\/"},"modified":"2016-06-23T23:51:00","modified_gmt":"2016-06-23T23:51:00","slug":"an-approach-to-vulnerability-management","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/","title":{"rendered":"An Approach to Vulnerability Management"},"content":{"rendered":"

I recently posted the below on the SANS Internet Storm Center.\n
\n
No need to do anything to make your auditor happy other than purchase the most popular scanning tool\n
No need to worry, when the scan is over and the report has been produced – you are all done\n
No need to ever leave your cube and speak directly with your system administrators\n
No need to ever test the scanner on a non-production network in advance\n
No need to worry, a clean scan means you are both compliant and secure\n
No need to ever leave your cube and speak directly with your application developers\n
No need to ever let anyone know when your scan starts; after all, an attacker is not going to do that, so why should you\n
No need to worry, if something becomes unavailable during a scan it is totally not your problem\n
No need to bother reviewing Critical Security Control 9 – Limitation and Control of Network Ports, Protocols, and Services\n
No need to show good stewardship after the purchase by producing metrics such as the findings that have been fixed as a percentage of all the findings\n
No need to seek data that demonstrates your scanner could serve as a platform to improve your security posture\n
No need to keep your boss informed of your progress, s\/he would not understand\n
No need to divert any of your time from finding things to fixing things\n
No need to ever think that your scanning tool is ever anything but spot-on accurate\n
\n
No need to hold back, it would be great if you shared your Vulnerability Management \u201cbest practices\u201d in our comments section below\n
\n
Russell Eubanks\n
ISC Handler\n
@russelleubanks\n
","protected":false},"excerpt":{"rendered":"

I recently posted the below on the SANS Internet Storm Center. No need to do anything to make your auditor happy than to purchase the most popular scanning tool No need to worry, when the scan is over and the report has been produced – you are all done No need to ever leave your cube and speak […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[7,21,22],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"\nAn Approach to Vulnerability Management - Security Ever After - vCISO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Approach to Vulnerability Management - Security Ever After - vCISO\" \/>\n<meta property=\"og:description\" content=\"I recently posted the below on the SANS Internet Storm Center. 
No need to do anything to make your auditor happy than to purchase the most popular scanning tool No need to worry, when the scan is over and the report has been produced – you are all done No need to ever leave your cube and speak […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Ever After - vCISO\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-23T23:51:00+00:00\" \/>\n<meta name=\"author\" content=\"Russell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:site\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Russell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\"},\"author\":{\"name\":\"Russell\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\"},\"headline\":\"An Approach to Vulnerability Management\",\"datePublished\":\"2016-06-23T23:51:00+00:00\",\"dateModified\":\"2016-06-23T23:51:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\"},\"wordCount\":297,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"articleSection\":[\"Leadership\",\"Operational Security\",\"SANS Top 20 
Controls\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\",\"url\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\",\"name\":\"An Approach to Vulnerability Management - Security Ever After - vCISO\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/#website\"},\"datePublished\":\"2016-06-23T23:51:00+00:00\",\"dateModified\":\"2016-06-23T23:51:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityeverafter.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An Approach to Vulnerability Management\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityeverafter.com\/#website\",\"url\":\"https:\/\/securityeverafter.com\/\",\"name\":\"Security Ever After - CISO\",\"description\":\"vCISO\",\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityeverafter.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securityeverafter.com\/#organization\",\"name\":\"Security Ever 
After\",\"url\":\"https:\/\/securityeverafter.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"width\":1169,\"height\":826,\"caption\":\"Security Ever After\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/russelleubanks\",\"https:\/\/www.linkedin.com\/in\/russelleubanks\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\",\"name\":\"Russell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"caption\":\"Russell\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"An Approach to Vulnerability Management - Security Ever After - vCISO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/","og_locale":"en_US","og_type":"article","og_title":"An Approach to Vulnerability Management - Security Ever After - vCISO","og_description":"I recently posted the below on the SANS Internet Storm Center. 
No need to do anything to make your auditor happy than to purchase the most popular scanning tool No need to worry, when the scan is over and the report has been produced – you are all done No need to ever leave your cube and speak […]","og_url":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/","og_site_name":"Security Ever After - vCISO","article_published_time":"2016-06-23T23:51:00+00:00","author":"Russell","twitter_card":"summary_large_image","twitter_creator":"@russelleubanks","twitter_site":"@russelleubanks","twitter_misc":{"Written by":"Russell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#article","isPartOf":{"@id":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/"},"author":{"name":"Russell","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3"},"headline":"An Approach to Vulnerability Management","datePublished":"2016-06-23T23:51:00+00:00","dateModified":"2016-06-23T23:51:00+00:00","mainEntityOfPage":{"@id":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/"},"wordCount":297,"commentCount":0,"publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"articleSection":["Leadership","Operational Security","SANS Top 20 Controls"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/","url":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/","name":"An Approach to Vulnerability Management - Security Ever After - 
vCISO","isPartOf":{"@id":"https:\/\/securityeverafter.com\/#website"},"datePublished":"2016-06-23T23:51:00+00:00","dateModified":"2016-06-23T23:51:00+00:00","breadcrumb":{"@id":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/securityeverafter.com\/an-approach-to-vulnerability-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityeverafter.com\/"},{"@type":"ListItem","position":2,"name":"An Approach to Vulnerability Management"}]},{"@type":"WebSite","@id":"https:\/\/securityeverafter.com\/#website","url":"https:\/\/securityeverafter.com\/","name":"Security Ever After - CISO","description":"vCISO","publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityeverafter.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/securityeverafter.com\/#organization","name":"Security Ever After","url":"https:\/\/securityeverafter.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","contentUrl":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","width":1169,"height":826,"caption":"Security Ever 
After"},"image":{"@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/russelleubanks","https:\/\/www.linkedin.com\/in\/russelleubanks\/"]},{"@type":"Person","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3","name":"Russell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","caption":"Russell"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/257"}],"collection":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/comments?post=257"}],"version-history":[{"count":0,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/257\/revisions"}],"wp:attachment":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/media?parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/categories?post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/tags?post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}