Vulnerability Management

Video Transcription
Hello and welcome back to Cybrary's CompTIA Certified Advanced Security Practitioner Certification Preparation Course.
This is a continuation of module two, which is titled Vulnerability Management.
These are the learning objectives which encompass module number two,
ranging from cybersecurity research, vulnerability assessment, vulnerability management, and then we have our key takeaways. What we're going to do is continue on, because in the previous video we already discussed cybersecurity research as well as vulnerability assessment. Let's now turn our attention toward the discussion of vulnerability management,
which is in fact section three of this particular presentation.
These are the objectives that we will be discussing, and they are as follows: we begin by defining vulnerability management and explaining why it's important,
take a look at vulnerability management versus vulnerability scanning,
look at the roles and responsibilities and, lastly, the vulnerability management process step by step.
Let's now turn toward this pre-assessment question, and the pre-assessment question is as follows. It specifically states: what is a process in which vulnerabilities in your IT or technology systems are identified, and the risks of these vulnerabilities are evaluated? Is it A, [inaudible], B, vulnerability management,
C, threat analysis, or D, accounting?
If you said B, you are absolutely correct, because it's vulnerability management.
Let's now turn our attention, first of all, to defining exactly what a vulnerability is. We know a vulnerability is considered a weakness, but according to the ISO 27002 standard, it's a weakness of an asset or group of assets that can be exploited by one or more threats.
Why is it important? When you look at vulnerability management, it is in fact a process in which vulnerabilities in your IT infrastructure are identified and the risks, in other words the uncertainties, of these vulnerabilities are evaluated.
This evaluation leads to correcting the vulnerabilities and removing the risk, or to a formal risk acceptance by the management of an organization. Now remember, in previous videos, we learned that despite all our best efforts, we cannot totally eliminate all the risk; even with our best efforts, we are still going to have what is called residual risk.
A lot of times we may choose to accept that risk because of cost: we looked at it from a cost-benefit analysis and the cost to mitigate that risk is really not worth
the cost. So we chose to accept that particular type of risk.
Let's look at vulnerability management versus vulnerability scanning. The term vulnerability management is often confused with vulnerability scanning.
Despite the fact that both are related, there is an important difference between the two.
Vulnerability scanning consists of using a computer program to identify vulnerabilities in the network, infrastructure or applications.
Vulnerability management is the process around vulnerability scanning, also taking into account other aspects such as risk acceptance and remediation.
So why is vulnerability management required? Because of the increasing growth of cybercrime and the associated risk, the majority of organizations are forced to focus more attention on information security. A vulnerability management process should be part of an organization's effort to control
information security risk.
Now, in many vulnerability management processes, organizations do not frequently perform vulnerability scans in their environment. They perform scans on a quarterly or annual basis, which only provides a snapshot at a point in time. The objective of this management process, essentially, is to detect
and remediate vulnerabilities in a timely fashion. The key point:
any vulnerability introduced after a scheduled scan takes place will only be detected at the next scheduled scan.
Now for the roles and responsibilities. We have our security officer, we have a vulnerability engineer, as well as asset owners and the IT systems engineer. Now, when you build a vulnerability management process, the following roles should be identified within your organization. We have our security officer:
the security officer is the owner of the vulnerability management process.
This person designs the process and ensures it's implemented.
The vulnerability engineer, on the other hand,
is responsible for configuring the vulnerability scanner and scheduling the various vulnerability scans.
The asset owner is responsible for the IT asset that is scanned by the vulnerability management process. This role should decide whether identified vulnerabilities are mitigated or their associated risks are accepted. Then we have our IT systems engineer.
The IT systems engineer role is typically responsible for implementing the remediating actions defined as a result of detected vulnerabilities.
Now for the vulnerability management process step by step. First of all, we have preparation. We have the vulnerability scan. We then define the remediating actions, we implement the remediating actions, and we also rescan. So let's begin by first taking a look at each one of these.
The first one is called the preparation phase.
Besides the in-scope systems
and their owners, you also determine the type of scan. So the preparation phase, the first phase in the vulnerability management process, is to define the scope of the vulnerability management process. This phase is mainly the responsibility of the security officer in an organization. The last step of the preparation phase consists of planning and formally scheduling the scan.
Depending on the scan configuration,
which includes the number of vulnerability checks, authentication, scan types, and the applications installed on the target, a vulnerability scan against a single host can take between a few minutes and a few hours.
Then we have the vulnerability scan.
Obviously, the risk appetite of the organization plays an important role in the vulnerability management process. If an organization is willing to ignore some risk due to limited resources being available, the scope of the vulnerability management process can stay limited; in other words, only to higher risks for which known exploits exist.
So we go to that vulnerability scan:
one identifies and classifies the system weaknesses or vulnerabilities in the computer, network and communication equipment and predicts the effectiveness of the countermeasures. Most vulnerability scanning tools offer a wide range of reporting options to visualize scan results.
Then we need to define the remediating actions.
The asset owner, with the cooperation of the security officer and the IT department, defines the remediating actions. The security officer analyses the vulnerabilities, determines the associated risks, and provides input on their remediation.
The IT department analyses the vulnerabilities from a technical perspective and answers questions such as whether patches are available or whether the configuration can be hardened. When we talk about hardening, that means removing those services, or turning off those services, which we don't necessarily need,
because what happens is they create an entry point or create a hole in our overall security infrastructure.
The next step is to implement what we call the remediating actions. Remediating actions have to be executed in line with the agreed timeframe.
If a problem occurs with implementing the remediation, it should be recorded.
All the actions should be defined by the asset owner based on recommendations by the security officer and the IT department,
and the security officer should track the status of the remediating actions as well.
The next thing we want to do is go through what we call a rescan.
A rescan has to be scheduled to verify that the remediating actions have been implemented. This particular scan should be performed using the same vulnerability scanning tools and identical configuration settings as the initial scan. This step is very important to prevent inaccurate results due to configuration
errors, in other words.
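As an added example that is not part of the course material, here is a small Python model of the rescan step above: it refuses to compare two scans unless the scanner configuration is identical, and it separates remediated, still-open, formally risk-accepted and newly appeared findings. The scanner name, check ids, hosts and configuration fields are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed example data: an assumed scanner configuration and two
# scan results. Nothing here comes from a real scanner or from the course.

@dataclass(frozen=True)
class ScanConfig:
    scanner: str          # scanning tool used
    checks: int           # number of vulnerability checks enabled
    authenticated: bool   # credentialed (authenticated) scan or not
    scan_type: str        # e.g. "full" or "quick"

@dataclass(frozen=True)
class Finding:
    host: str
    check_id: str         # scanner's identifier for the vulnerability check
    severity: str         # "high", "medium" or "low"

def verify_rescan(baseline, rescan, base_cfg, rescan_cfg, accepted):
    """Compare the initial scan with its rescan.
    Refuses to compare if the scanner configuration differs: a finding can
    vanish simply because a check was not run, which is exactly the
    inaccurate result the rescan step must avoid. Findings whose risk the
    asset owner formally accepted are reported apart from open ones."""
    if base_cfg != rescan_cfg:
        raise ValueError("rescan must use the same scanner and configuration")
    before = {(f.host, f.check_id): f for f in baseline}
    after = {(f.host, f.check_id): f for f in rescan}
    report = {"remediated": [], "still_open": [], "accepted": [], "new": []}
    for key in before:
        if key not in after:
            report["remediated"].append(key)
        elif key in accepted:
            report["accepted"].append(key)
        else:
            report["still_open"].append(key)
    report["new"] = [key for key in after if key not in before]
    return report

CFG = ScanConfig("scanner-x", 1200, True, "full")
BASELINE = [Finding("web01", "chk-101", "high"),     # patched after baseline
            Finding("web01", "chk-202", "medium"),   # risk accepted by owner
            Finding("db01", "chk-303", "high")]      # patch not yet applied
RESCAN = [Finding("web01", "chk-202", "medium"),
          Finding("db01", "chk-303", "high"),
          Finding("db01", "chk-404", "low")]         # appeared since baseline
ACCEPTED = {("web01", "chk-202")}

def demo():
    return verify_rescan(BASELINE, RESCAN, CFG, CFG, ACCEPTED)
```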
Here again is our vulnerability management lifecycle process.
So first, we kind of start here. We look at assess, report, remediate, verify, discover and prioritize again. We can see that it is an ongoing process in terms of managing the various weaknesses or vulnerabilities that exist within our infrastructure. This brings us to our post-assessment question for this section,
and the question is as follows.
What is an inspection of the potential points of exploit on a computer or network to identify security holes? Is it A, vulnerability scanning, B, integrity, C, availability, or D, accounting?
The correct response is A, vulnerability scanning.
Let's now highlight the topics discussed during this particular presentation, and they are as follows: we defined vulnerability management and explained why it's important.
We also explained the difference between vulnerability scanning and penetration testing.
We also highlighted the difference between vulnerability management versus vulnerability scanning. We looked at the roles and responsibilities and, lastly, the vulnerability management process step by step.
In the upcoming presentation we'll be taking a look at the key takeaways for module number two, which is titled Vulnerability Management.
I look forward to seeing you in the next video.