Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
in the last video, we wrapped up our discussion on why we need
00:05
want ability management by talking about identifying and fixing folks in this video, we're gonna talk about the benefit of security policies and vulnerability, management and importance of tracking inventory.
00:20
So I was like, Get out learning objectives.
00:23
We're going to cover benefits of security policies. Tracking inventory,
00:27
categorizing assets. Ask Anna vulnerabilities.
00:32
Take a look at our pre assessment
00:35
for the most accurate vulnerability scans you should
00:38
a scan on authenticated against the system
00:41
be scanned, authenticated against the system. Horsey.
00:45
You time sensitive passwords
00:51
I can't answer here is gonna be be scant. Authenticated against system
00:55
authentication is basically the server and a vulnerability management to communicating with each other.
01:00
Authentication allows a vulnerability management tool to scan inside of the server,
01:06
basically capturing a accurate number of on abilities with the Net. Sir.
01:11
So getting acid. Here's B.
01:15
Let's talk about security policies
01:19
so we're gonna cover it, help reduce the security hose.
01:23
We're going to cover that Maura structure decision making for vulnerability management. We're going to see if it's enforceable,
01:29
So policy is one of those busters terms that can make an I t expert eyes glaze over
01:34
but master, an idea of policies for vulnerability management does more than make an I t person feel as important as the CEO or a politician.
01:44
Security policies
01:46
provide ability. Management make it easier to define actions. That guy decision making about setting up your Vulnerability mansion program.
01:55
The result of good policies. Make it easier and faster for you and I t Security team to discover vulnerabilities, remediate those security holes and produce documentation to satisfy audit requirements for compliance.
02:08
Now let's look at three keys here
02:12
of policies.
02:14
So what policies determined
02:15
The nature of controls use. Ensure security, such as standard configurations for, OH, security devices and applications, including antivirus Farrah Whoa! Intrusion Detection and Prevention.
02:30
I think security expert should create a matrix with a short list of configurations and features so that policymakers can understand their options for security controls.
02:42
Secondly,
02:43
policies and controls apply to servers, network devices
02:47
and applications, and then points.
02:52
And thoroughly policymakers need to determine
02:57
the business impact of vulnerability on each asset or asset group.
03:02
For example, a system that host
03:06
the lunch menu probably isn't as important as a system that maintains customer information
03:10
or financial data.
03:13
Proselytization weighs a business risk and importance of each asset,
03:17
which affects the urgency and completion order of vulnerability and remediation.
03:23
So it's like that tracking inventory.
03:25
So we're gonna cover the identity
03:28
of assets. We're gonna talk about what our assets. And also we're gonna talk about how to automate track.
03:35
So in order to fix vulnerabilities, you must first understand what assets such as servers, desktops and devices you have in your network and then testifying. Any vulnerability that may exist
03:47
track inventory and categorizing assets establishes
03:53
an evaluation baseline
03:55
and this step you create and continually maintain a database of all Internet protocol devices attached to the network.
04:03
Here is where you connect the actual assets and your network with the policies determining relative business value photos. Assets.
04:14
So let's talk about the identification of the inventory.
04:18
Vulnerability management are basically vulnerability. Scanning
04:23
is usually done by directing the scanner at a particular I P address or a range of addresses.
04:30
So it's useful to organize your database by peas
04:34
elements and as that group include
04:36
hardware, software applications, service's and configurations to tracking his level of detail provides
04:46
the file on benefits.
04:47
One
04:48
it is. The data enables organization to identify
04:53
which boy Billy's affect particular subsets of the I T infrastructure.
04:58
Two.
04:59
The tracking inventory helps
05:00
the speed the scanning process because it enables you to scan multiple asset groups and parallel.
05:09
You can track this data manly but vulnerability management. It's much more effective by automating the entire inventory process for discovery and tracking,
05:19
and lastly,
05:20
it gives an accurate inventory
05:24
that ensures the correct patches or selected and apply it during remediation.

Up Next

Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.

Instructed By

Instructor Profile Image
Corey Charles
Founder of DreamVision IT LLC
Instructor