Don't miss an insight. Subscribe to Techopedia for free.


Vulnerability Management

What Does Vulnerability Management Mean?

Vulnerability management is a security practice specifically designed to proactively prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization.


The practice involves identifying, classifying, mitigating and fixing known vulnerabilities within a system. It is an integral part of computer and network security and plays an important role in IT risk management.

Techopedia Explains Vulnerability Management

Vulnerability scanning is one technique an IT administrator might use to identifying security weaknesses in an organization's hardware, software and data transmission. They would then conduct a formal risk analysis to evaluate the potential impact of a known risk as a precursor to correcting the vulnerability and mitigating or removing the risk. If the risk cannot be entirely removed, there must be a formal risk acceptance by the management of the organization.

Risk assessment frameworks play an important role in helping organizations prioritize and share information about vulerabilities that pose risks to an organization. Popular frameworks in use today include OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), COBIT (Control Objectives for Information and Related Technology) and the recommendations outlined in the Risk Management Guide for Information Technology Systems from the National Institute of Standards and Technology.


Related Terms