{"id":4230,"date":"2019-08-18T05:44:33","date_gmt":"2019-08-18T05:44:33","guid":{"rendered":"https:\/\/209.235.70.100\/?p=4230"},"modified":"2020-01-04T05:44:57","modified_gmt":"2020-01-04T05:44:57","slug":"de-mystifying-security-series-vulnerability-risk-management","status":"publish","type":"post","link":"https:\/\/www.navisite.com\/blog\/de-mystifying-security-series-vulnerability-risk-management\/","title":{"rendered":"De-mystifying Security Series: Vulnerability Risk Management"},"content":{"rendered":"\n
Identifying and dealing with cybersecurity vulnerabilities is key to preventing cyberattacks – and it\u2019s generally cheaper and more effective to plug any holes rather than having to deal with a threat which has already penetrated security defenses.<\/p>\n\n\n\n
Vulnerability Risk Management (VRM)<\/strong><\/p>\n\n\n\n Vulnerability Risk Management (VRM) describes the processes and technologies deployed to identify potential weaknesses. Specifically, vulnerabilities are potential gaps in security provisions that could be exploited to gain access to network resources.<\/p>\n\n\n\n VRM also defines how a business responds to identified vulnerabilities. This is usually a documented process that outlines how vulnerabilities are prioritized, and the steps taken to close each gap depending on the assigned priority. Ultimately, vulnerability risk management is about preventing similar problems in future.<\/p>\n\n\n\n Threat & Vulnerability Management \u2013 TVM<\/strong><\/p>\n\n\n\n Extending VRM, Threat & Vulnerability Management also addresses threats<\/em>. In the context of TVM, threats describe the tools and techniques employed by cybercriminals to exploit known vulnerabilities. In some cases, threats also relate to accidental<\/em> exploits that result in similar outcomes \u2013 loss or damage to network assets.<\/p>\n\n\n\n TVM also covers management of threats and vulnerabilities, detailing how an organization identifies and responds to both. Identified threats and vulnerabilities are prioritized and patched according to a documented procedure agreed by IT management, with a view to protecting network assets and the rest of the business.<\/p>\n\n\n\n Continuous Adaptive Risk and Trust Assessment \u2013 CARTA<\/strong><\/p>\n\n\n\n At the most basic level, Continuous Adaptive Risk and Trust Assessment (CARTA) is a new approach to managing risk. The CARTA methodology is intended to help businesses deploy security safeguards that keep pace with developments in technology and cybersecurity.<\/p>\n\n\n\n A CARTA-based strategy is built on the assumption that all systems and applications have already been compromised. CARTA operates against a comprehensive asset inventory. 
Each asset is continuously monitored and assessed for risk, providing early warning of potential breaches and establishing trust that the system in question has not been breached.<\/p>\n\n\n\n How Navisite can assist<\/strong><\/p>\n\n\n\n Navisite partners with leading providers like Kenna Security, Bitsight, Alert Logic, and leading scanning providers (e.g. Qualys) to provide vulnerability risk management and continuous compliance for its clients. Navisite\u2019s deep bench of vulnerability management specialists leverage our partner platform solutions to provide \u2018outside-in\u2019 and \u2018inside-out\u2019 visibility into the security posture of our clients. Proactively, our approach enables detection of risk, expert prioritization, and smart remediation of assets and continuous compliance across multi-cloud environments.<\/p>\n\n\n\n To learn more about VRM, what it means for your business, and how Navisite can help, please get in touch<\/a>. For more information on cloud security click here<\/a> or call (888) 298-8222.<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":114,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"acf":[],"yoast_head":"\n