2.6 Doing Vulnerability Management - VM

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:01
in the last video, we talked about applying patches.
00:04
In this video, we'll talk about performing another vulnerability scan to verify the patchwork.
00:11
It's also get I learned objectors.
00:13
We're gonna learn why we verify a patch has worked
00:17
and we're gonna learn about vulnerability reporting.
00:21
Let's look at the process.
00:23
An organization does not need to re scan for vulnerabilities after Patch,
00:27
since the patch will fix everything.
00:30
Is this true,
00:32
or is this false?
00:37
This is actually false.
00:43
It doesn't get the patch.
00:44
Verification
00:46
re scans assets starting with critical ones.
00:49
It checks for software and hardware issues.
00:53
Checks That patch didn't introduce new vulnerabilities
00:57
After a plan, a patch are completing the re mediation process. Be sure to Reese, Can I pee connected assets, especially the critical assets.
01:06
This step verifies that the fix work
01:08
and that it doesn't cause other network devices. What service is our applications to malfunction or to be exploded to other vulnerabilities?
01:19
Business risk and security risk to indicators you can use to prior to rise remediation efforts,
01:26
for example,
01:29
extremely valuable assets may have a much higher priority rating for remediation efforts, even though the vulnerability detected
01:37
ONI systems heavy lower security risk
01:40
in lower priority asset, such as server hosting. The lunch menu for company
01:45
may have a more critical vulnerability,
01:48
but the business
01:49
risk and priority to the fix for the vulnerability would not wait. Maur Important business critical system
02:00
so is look at the vulnerability management to report.
02:05
So we have adequate documentation for the lows and standards
02:08
as we can see a few standards that's listed here.
02:12
It's for us. Hippos, socks,
02:14
G O B A. We C P C I as well, which P. C. I is very important because if anything, that covers financial
02:23
all credit card transactions.
02:25
So we have custom templates, and we have internal policies as well, too.
02:30
So verify fixes what result. Resulting scan reports may provide adequate documentation for orders
02:38
checking for compliance with security provisions of laws and regulations
02:43
such as the ones that we have here listed.
02:46
So some vulnerability management solutions provide custom templates for specific regulations.
02:53
So we do have custom simply. It's for nest
02:55
for hip, for socks and for PC I as well, in which
03:01
it scans for compliance within the actual server or the data bits.
03:08
So I take a look at the Post assessment.
03:12
There are no vulnerability management reports that offer custom templates for specific laws and standards.
03:19
Is this true,
03:20
or is this focus?
03:24
This is actually false.
03:30
In this video, we talked about performing another on ability scan to verify the patchwork.
03:37
In the next video, we'll learn about different vulnerability management options.
Up Next
Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.

Instructed By