

Evaluating a vulnerability management program is made a little easier when the evaluation is based around some basic principles. Web application security is vital to any business, so the vulnerability management program's job is to ensure that all security issues are identified, evaluated and dealt with as efficiently as possible.

Here are five elements that every management program should incorporate.

Risk management strategies. Essentially, the program should be based on risk management, because this approach provides a valuable guide by which decisions can be made and the risks independently evaluated. In other words, each threat, as it is uncovered, needs to be independently assessed before a decision is made to deploy patches.
Information Technology Practices. In essence, the vulnerability management program should also be considered within the context of overall IT management and practices. This includes training, documentation and procedures, monitoring of systems and data recovery strategies. As you probably already know, these activities are vital to ensure ongoing security, so an effective vulnerability management program should contain these elements.
Patch deployment. Patches need to be deployed in a timely manner so that software can continue uninterrupted whilst at the same time being protected against malicious attacks. It's important to note, however, that not all patches are applicable in every situation, and a decision needs to be made about which patches are relevant and which will optimise the system in an ongoing sense. This means that patching should be prioritised and evaluated against the potential dangers of non-implementation. Every asset needs to be considered on its merits, and patches should be tracked and identified before deployment.
Antivirus programs. It almost goes without saying that an effective vulnerability program should also contain effective antivirus and malware protection that remains permanently operational so as to provide continuous protection against viruses, worms and Trojans. Specialist advice should be obtained before deciding which software to use. It's also vital to ensure that the software is regularly updated and that someone in the management team assumes responsibility for ensuring this happens.
Self testing. The vulnerability management program should provide for periodic self checks. This is an important way to measure quality assurance and also to ensure that the program is effective. During a self check, system configurations can be monitored to ensure that there are no holes that need to be dealt with.

Although these five steps are not meant to be a comprehensive overview of how to evaluate a vulnerability management program, they provide a framework for starting an evaluation. It is certain that any evaluation will need to involve a variety of staff and other internal resources, but the costs involved should not compromise the evaluation process. When regular reports are provided to management, it is much easier to stay on top of emerging problems, and decisions about replacing equipment or software can be made in a much more logical and informed environment.

This is the only way that web application security can be adequately maintained.








HackLabs is a Security Consulting Company specialising in Penetration Testing. We perform testing for our clients, who come from all around the world. For more information, visit Penetration Testing.


06 Dec 2010
