Whitepaper

From SANS: How to Show Business Benefit by Moving to Risk-Based Vulnerability Management

Vulnerability assessment has been a security requirement for every major regulatory agency over the last 15 years. Yet, time and again, after-incident reports reveal that costly breaches, causing millions of dollars in damage, are a result of known vulnerabilities that went unpatched due to a lack of connection to business criticality.

In this whitepaper written by SANS security expert, John Pescatore, you’ll learn how to avoid this “lack of context” trap by adopting a risk-based approach to vulnerability management. Reading this paper will help you answer several key security questions including:

  • How do I measure the business risk underlying any given vulnerability?
  • What concrete steps can I take to migrate to a risk-based VM program?
  • Which questions and selection criteria should I consider when evaluating technology products and vendors?