3.2 Vulnerability Management
Content
3.2.1 Asset & Attack Surface Management
- As part of the Governance section, we already mentioned that an inventory of assets & their associated network interfaces, i.e. the attack surface, is necessary (see section 1.1.1).
- The security properties (such as confidentiality, integrity and availability) of each asset should be evaluated.
- The inventory of assets & attack surface should be maintained and enriched with relevant metadata to help analyse which interface is used with which products, and which conditions apply (authentication required, etc.).
- All relevant vendors associated with network interfaces should be documented and maintained, as well as critical recurring activities. Think of DNS domain name or SSL certificate renewals.
- Ensure all network interfaces are scanned periodically, using the relevant security scanners; think of an SSL scanner [8].
- Set up a process to centrally monitor and triage vulnerabilities from different sources, and identify the ones that need to be addressed within a specific timeframe.
- Monitor all network traffic and its patterns/trends, as well as unusual behavior & error rates.
3.2.2 Configuration & Patch Management
- Set up a configuration management database (CMDB) [9].
- Ensure that critical configuration parameters are protected against accidental changes.
- Ensure that all IT equipment is managed with the appropriate tool, and that the relevant OS & software versions are monitored using the relevant EDR/UES [10].
- If you are developing software products, make sure the relevant scanners are enabled as part of the development pipeline (see section 2.2).
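The two preceding points (a CMDB baseline, and critical parameters protected against accidental change) can be checked mechanically. The following is an added example, not code from this guide or from any CMDB product: it records a baseline configuration per configuration item, marks some parameters as protected, and compares an observed configuration against the baseline so that a protected parameter changed without an approved change ticket is escalated rather than silently accepted. The configuration item, parameter names and ticket id are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CmdbRecord:
    """Baseline for one configuration item (CI) as recorded in the CMDB."""
    ci_name: str
    config: dict           # parameter -> recorded baseline value
    protected: frozenset   # parameters that must not change without a change ticket
    approved: dict         # protected parameter -> change ticket id that authorises a change


def config_drift(record, observed):
    """Compare an observed configuration with the CMDB baseline.

    Returns a list of (parameter, baseline, observed, status) tuples, where
    status is 'approved' for a protected parameter covered by a change ticket,
    'unauthorised' for a protected parameter changed without one, and 'drift'
    for any other difference (including parameters missing on either side).
    """
    diffs = []
    for key in sorted(set(record.config) | set(observed)):
        before, after = record.config.get(key), observed.get(key)
        if before == after:
            continue
        if key in record.protected:
            status = "approved" if key in record.approved else "unauthorised"
        else:
            status = "drift"
        diffs.append((key, before, after, status))
    return diffs


def needs_escalation(diffs):
    """Only unauthorised changes to protected parameters open an incident."""
    return [d for d in diffs if d[3] == "unauthorised"]


# Constructed sample data: a fictional edge firewall and its observed state.
FW_BASELINE = CmdbRecord(
    ci_name="fw-edge-01",
    config={"default_policy": "deny", "admin_port": 22,
            "log_level": "info", "ntp_server": "ntp.example.internal"},
    protected=frozenset({"default_policy", "admin_port"}),
    approved={"admin_port": "CHG-0042"},   # placeholder ticket id
)
FW_OBSERVED = {"default_policy": "allow", "admin_port": 2222,
               "log_level": "debug", "ntp_server": "ntp.example.internal"}

if __name__ == "__main__":
    drift = config_drift(FW_BASELINE, FW_OBSERVED)
    for key, before, after, status in drift:
        print(f"{FW_BASELINE.ci_name}: {key} {before!r} -> {after!r} [{status}]")
    for key, *_ in needs_escalation(drift):
        print(f"escalate: protected parameter {key} changed without a change ticket")
```

Approved changes are the ones to write back into the CMDB as the new baseline; unauthorised ones are the accidental (or hostile) changes the second bullet asks you to catch, and plain drift on unprotected parameters is worth reporting but not worth paging anyone for.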
3.2.3 Threat Intelligence
- Make sure you subscribe to the relevant national cybersecurity alerts [11,12,13].
- Set up a process to easily and quickly confirm or dismiss vulnerabilities with a high risk of exploitation. This may extend beyond the scope of your organization to XaaS vendors.
- If a specific vulnerability is confirmed to impact a product/service/system in scope, an incident shall be systematically triggered (See section 3.3.2).
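The attack-surface inventory of section 3.2.1 (assets with their security properties, interfaces, products, versions and conditions such as authentication, plus recurring activities like certificate renewal) is what makes the confirm-or-dismiss process of section 3.2.3 fast. The example below is added here and is not code from this guide or from any scanner or alert feed: it models such an inventory, flags certificates due for renewal, and triages findings from several sources against the inventory, deduplicating the same advisory reported twice, dismissing findings that do not match the recorded product and version, and assigning a remediation deadline by severity that is tightened for interfaces reachable without authentication. Hosts, product names, versions, advisory ids (ADV-000x) and the SLA values are all constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, timedelta
from fnmatch import fnmatch

# Remediation windows in days by severity (assumed values for the example).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Interface:
    host: str
    port: int
    product: str                 # product exposed on this interface (fictional below)
    version: str
    auth_required: bool          # condition that applies before the interface is usable
    cert_expiry: date | None = None   # None when the interface is not TLS


@dataclass
class Asset:
    name: str
    vendor: str
    confidentiality: int         # 1 (low) .. 3 (high), from the security-property evaluation
    integrity: int
    availability: int
    interfaces: list[Interface] = field(default_factory=list)


@dataclass(frozen=True)
class Finding:
    source: str                  # scanner or intelligence feed that reported it
    identifier: str              # advisory id; placeholders such as ADV-0001 below
    host: str
    port: int
    product: str
    affected_versions: tuple[str, ...]   # exact versions or fnmatch patterns
    severity: str


def interface_index(assets):
    """Map (host, port) to (asset, interface) so findings can be matched."""
    return {(i.host, i.port): (a, i) for a in assets for i in a.interfaces}


def expiring_certs(assets, today, within_days=30):
    """Recurring activity check: TLS certificates due for renewal soon."""
    limit = today + timedelta(days=within_days)
    return sorted((i.host, i.port, i.cert_expiry)
                  for a in assets for i in a.interfaces
                  if i.cert_expiry is not None and i.cert_expiry <= limit)


def deadline_for(severity, iface, today):
    days = SLA_DAYS[severity]
    if not iface.auth_required:  # reachable without credentials: halve the window
        days = max(1, days // 2)
    return today + timedelta(days=days)


def triage(assets, findings, today):
    """Confirm or dismiss findings from several sources against the inventory.

    Returns (confirmed, dismissed). Confirmed items are deduplicated per
    (host, port, identifier), carry every source that reported them and are
    ordered by deadline. Dismissed items carry the reason: an unknown
    interface means the inventory itself is incomplete.
    """
    index, confirmed, dismissed = interface_index(assets), {}, []
    for f in findings:
        entry = index.get((f.host, f.port))
        if entry is None:
            dismissed.append((f.identifier, f.host, f.port, "interface not in inventory"))
            continue
        asset, iface = entry
        if iface.product != f.product or not any(
                fnmatch(iface.version, pat) for pat in f.affected_versions):
            dismissed.append((f.identifier, f.host, f.port,
                              f"{iface.product} {iface.version} not affected"))
            continue
        key = (f.host, f.port, f.identifier)
        if key in confirmed:
            confirmed[key]["sources"].add(f.source)
            continue
        confirmed[key] = {
            "asset": asset.name, "vendor": asset.vendor, "host": f.host, "port": f.port,
            "identifier": f.identifier, "severity": f.severity,
            "cia_max": max(asset.confidentiality, asset.integrity, asset.availability),
            "deadline": deadline_for(f.severity, iface, today), "sources": {f.source},
        }
    return sorted(confirmed.values(), key=lambda c: c["deadline"]), dismissed


# Constructed sample data: fictional hosts, products, versions and advisory ids.
TODAY = date(2024, 6, 1)
ASSETS = [
    Asset("web-shop", "ExampleSoft", 3, 3, 3, [
        Interface("shop.example.com", 443, "ExampleHTTPD", "1.24.0", False, date(2024, 6, 20)),
        Interface("shop.example.com", 22, "ExampleSSH", "9.3", True)]),
    Asset("intranet-wiki", "WikiVendor", 2, 2, 1, [
        Interface("wiki.example.internal", 8443, "ExampleWiki", "8.5.2", True, date(2025, 1, 1))]),
]
FINDINGS = [
    Finding("ssl-scanner", "ADV-0001", "shop.example.com", 443, "ExampleHTTPD", ("1.24.*",), "high"),
    Finding("national-alert-feed", "ADV-0001", "shop.example.com", 443, "ExampleHTTPD", ("1.24.*",), "high"),
    Finding("national-alert-feed", "ADV-0002", "wiki.example.internal", 8443, "ExampleWiki", ("8.5.0", "8.5.1"), "critical"),
    Finding("vendor-bulletin", "ADV-0003", "legacy.example.com", 80, "ExampleHTTPD", ("2.*",), "critical"),
]

if __name__ == "__main__":
    for host, port, expiry in expiring_certs(ASSETS, TODAY):
        print(f"renew certificate for {host}:{port} (expires {expiry})")
    confirmed, dismissed = triage(ASSETS, FINDINGS, TODAY)
    for c in confirmed:
        print(f"{c['identifier']} on {c['asset']} ({c['host']}:{c['port']}) severity={c['severity']} "
              f"deadline={c['deadline']} sources={sorted(c['sources'])}")
    for ident, host, port, reason in dismissed:
        print(f"dismissed {ident} on {host}:{port}: {reason}")
```

Each confirmed entry is the trigger for the incident the last bullet asks for, and the dismissal reasons are worth keeping: "not affected" shows the inventory metadata paid off, while "interface not in inventory" is an attack-surface gap to close before the next advisory.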