in the last video we talked about prior to rising remediation of Ron abilities and vulnerability reports.
So I was looking at learning objectives.
We're gonna talk about it. 10 Best Practices for Vulnerability management.
But before we do that, let's take a look at our pre assessment.
What is the most important phase of born ability management?
Is it a Discovery Network Assets?
Is it be running comprehensive scans or is it c
checking inside and outside the Demsey?
The correct answer is a
discovering network Assets is correct.
We have to know our assets to measure and prior to rise risk.
Let's look at the 10 best practices of vulnerability management.
So number one. We have discovered no work assets.
Number two. We have classify assets number three. We have checked inside and outside of D M Z
Now, before we have comprehensive scans. Number five. We have reports for technical staff
number six, with reports for management
number seven with compliance reports Number eight. We have patching number nine. We have trekked progress and last but not least at number 10. We have repeat,
so let's check him out
first. Let's go ahead and talk about Discovery network assets,
So we have to discover what our assets are on a network. This allows us to didn't identify areas of risk and quantified.
Next. We have classify assets,
so identify and assets also allows us to classify the assets based on their value to business operations
and helps us buying areas that are the most susceptible to attack
classifying assets. Always ask yourself, Is this critical to the business function?
Now let's go on to check inside and outside the Demsey.
The point of checking inside and outside of dams is to focus on being comprehensive with your network vulnerability. Scan
attacks can originate from insider threats or external its actors
It is important to run comprehensive scans, and you want to focus on scanning your critical systems first.
As I mentioned through through this course,
this process should be automated to help conserve resource is and reduce costs.
Now look at reports for technical staff
for technical staff. The reports need to be comprehensive, with instructions on how to re mediate Vulnerabilities
says Look at reports for management
for management reports need to be easily digestible.
diagrams, shorts and other visual aids. Will help the manager your team understand information discovered in the Vulnerability scan.
This helps you get better financial buy in to remediate the vulnerabilities.
Now let's move on to compliance reports.
Many vulnerability management tools have reporting that is compliant with various regulations and standards.
Often you can simply select a regulation like hip hop,
and the two will generate a report in a format needed to meet the regulation.
Now let's talk about Patch.
Most software applications have new releases, so patching is an important task for any organization.
we needs a product arise our patching to focus on critical systems First.
Now let's talk about
de Shrek the tracking of progress.
So we need to track if our mediation is working.
We can do this by integrating with the help desk ticketing system
and or by performing another vulnerability scan on the system.
Lastly, let's talk about repeat.
Remember, vulnerability. Management is not a one time process, and you're done.
New vulnerabilities arrives daily,
and we need the check we need to check for
critical systems should be scanned on a weekly basis at the minute.
Now let's take a look at our post assessment
Once I do I want to believe it?
I never have to do one again.
Bone ability. Management is a ongoing process
and vulnerability. Scans should be performed on critical systems at least a week.
Let's go ahead and summarize.
we talked about Tim Best practices of vulnerability management.
I want to thank you again for taking its course. Remember, this course was just a foundational course and vulnerability management.
I hope you learned a lot.
And don't forget to Diallo, that supplemental