Vulnerability Management

What Does Vulnerability Management Mean?

Vulnerability management is a security practice specifically designed to proactively prevent the exploitation of IT vulnerabilities that could potentially harm a system or organization.

The practice involves identifying, classifying, mitigating and fixing known vulnerabilities within a system. It is an integral part of computer and network security and plays an important role in IT risk management.

Techopedia Explains Vulnerability Management

Vulnerability scanning is one technique an IT administrator might use to identify security weaknesses in an organization's hardware, software and data transmission. They would then conduct a formal risk analysis to evaluate the potential impact of a known risk as a precursor to correcting the vulnerability and mitigating or removing the risk. If the risk cannot be entirely removed, there must be a formal risk acceptance by the management of the organization.

Risk assessment frameworks play an important role in helping organizations prioritize and share information about vulnerabilities that pose risks to an organization. Popular frameworks in use today include OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), COBIT (Control Objectives for Information and Related Technology) and the recommendations outlined in the Risk Management Guide for Information Technology Systems from the National Institute of Standards and Technology.


Margaret Rouse
Editor

Margaret is an award-winning technical writer, teacher and lecturer. She is known for her ability to explain complex technical concepts in simple terms to business audiences. For twenty years, her definitions of IT terms have been published by Que in an encyclopedia of technology terms and cited in articles appearing in the New York Times, Time magazine, USA Today, ZDNet, and PC and Discovery magazines. Margaret joined the Techopedia team in 2011. Margaret enjoys helping business and IT professionals find a common language. In her work, as she puts it, she builds bridges between these two domains, in this…