Vulnerability Management

Why Trust Techopedia

What Does Vulnerability Management Mean?

Vulnerability management is a security practice specifically designed to proactively prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization.

Advertisements

The practice involves identifying, classifying, mitigating and fixing known vulnerabilities within a system. It is an integral part of computer and network security and plays an important role in IT risk management.

Techopedia Explains Vulnerability Management

Vulnerability scanning is one technique an IT administrator might use to identifying security weaknesses in an organization's hardware, software and data transmission. They would then conduct a formal risk analysis to evaluate the potential impact of a known risk as a precursor to correcting the vulnerability and mitigating or removing the risk. If the risk cannot be entirely removed, there must be a formal risk acceptance by the management of the organization.

Risk assessment frameworks play an important role in helping organizations prioritize and share information about vulerabilities that pose risks to an organization. Popular frameworks in use today include OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), COBIT (Control Objectives for Information and Related Technology) and the recommendations outlined in the Risk Management Guide for Information Technology Systems from the National Institute of Standards and Technology.

Advertisements

Related Terms

Margaret Rouse
Technology Specialist
Margaret Rouse
Technology Specialist

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of ​​a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.