5.1 Ten Best Practices for Doing Vulnerability Management - VM

Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:01
In the last video we talked about prioritizing remediation of vulnerabilities and vulnerability reports.
00:09
So I was looking at learning objectives.
00:11
We're gonna talk about the 10 best practices for vulnerability management.
00:16
But before we do that, let's take a look at our pre-assessment.
00:19
What is the most important phase of vulnerability management?
00:23
Is it A, discover network assets?
00:26
Is it B, running comprehensive scans, or is it C,
00:30
checking inside and outside the DMZ?
00:36
The correct answer is A.
00:38
Discovering network assets is correct.
00:41
We have to know our assets to measure and prioritize risk.
00:48
Let's look at the 10 best practices of vulnerability management.
00:52
So number one, we have discover network assets.
00:56
Number two, we have classify assets. Number three, we have check inside and outside of the DMZ.
01:02
Number four, we have comprehensive scans. Number five, we have reports for technical staff,
01:07
number six, we have reports for management,
01:10
number seven, we have compliance reports. Number eight, we have patching. Number nine, we have track progress, and last but not least, at number 10, we have repeat,
01:22
so let's check them out.
01:23
First, let's go ahead and talk about discover network assets.
01:29
So we have to discover what our assets are on a network. This allows us to identify areas of risk and quantify them.
01:40
Next, we have classify assets,
01:42
so identifying assets also allows us to classify the assets based on their value to business operations
01:51
and helps us find areas that are the most susceptible to attack.
01:56
Classifying assets: always ask yourself, is this critical to the business function?
02:05
Now let's go on to check inside and outside the DMZ.
02:10
The point of checking inside and outside of the DMZ is to focus on being comprehensive with your network vulnerability scan.
02:17
Attacks can originate from insider threats or external threat actors.
02:24
comprehensive scans.
02:28
It is important to run comprehensive scans, and you want to focus on scanning your critical systems first.
02:36
As I mentioned throughout this course,
02:38
this process should be automated to help conserve resources and reduce costs.
02:45
Now look at reports for technical staff.
02:51
For technical staff, the reports need to be comprehensive, with instructions on how to remediate vulnerabilities.
03:00
Let's look at reports for management.
03:04
For management, reports need to be easily digestible.
03:07
Using metrics,
03:09
diagrams, charts and other visual aids will help the manager or team understand information discovered in the vulnerability scan.
03:19
This helps you get better financial buy in to remediate the vulnerabilities.
03:27
Now let's move on to compliance reports.
03:30
Many vulnerability management tools have reporting that is compliant with various regulations and standards.
03:36
Often you can simply select a regulation like HIPAA,
03:40
and the tool will generate a report in a format needed to meet the regulation.
03:47
Now let's talk about patching.
03:51
Most software applications have new releases, so patching is an important task for any organization.
03:59
However,
04:00
we need to prioritize our patching to focus on critical systems first.
04:09
Now let's talk about
04:10
track, the tracking of progress.
04:14
So we need to track if our remediation is working.
04:17
We can do this by integrating with the help desk ticketing system
04:21
and/or by performing another vulnerability scan on the system.
04:30
Lastly, let's talk about repeat.
04:33
Remember, vulnerability management is not a one-time process, and you're done.
04:41
New vulnerabilities arise daily,
04:43
and we need to check, we need to check for
04:46
critical systems should be scanned on a weekly basis at the minimum.
04:55
Now let's take a look at our post-assessment.
04:58
Once I do a vulnerability scan,
05:00
I never have to do one again.
05:01
Is this true
05:03
or is this false?
05:09
This is false.
05:10
Vulnerability management is an ongoing process
05:13
and vulnerability scans should be performed on critical systems at least weekly.
05:21
Let's go ahead and summarize.
05:25
So in this video
05:27
we talked about ten best practices of vulnerability management.
05:31
I want to thank you again for taking this course. Remember, this course was just a foundational course in vulnerability management.
05:40
I hope you learned a lot.
05:41
And don't forget to download the supplemental
05:44
resources.
Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.