4 min
Vulnerability Management
How Adaptive Security fits into your Vulnerability Management Program
Building an Application Vulnerability Management Program, found in the SANS
Institute Reading Room
(https://www.sans.org/reading-room/whitepapers/application/building-application-vulnerability-management-program-35297),
identifies vulnerability program
management as a cyclical process involving the following steps:
* Policy
* Discovery and Baseline
* Prioritization
* Shielding and Mitigation
* Eliminating the Root Cause
* Monitoring
While the use of Nexpose applies to several of these
2 min
CIS Controls
Use DHCP Discovery to Implement Critical Security Control 1
The number one critical security control from the Center for Internet Security
recommends actively managing all hardware devices on the network:
CSC 1: Inventory of Authorized and Unauthorized Devices
Actively manage (inventory, track, and correct) all hardware devices on the
network so that only authorized devices are given access, and unauthorized and
unmanaged devices are found and prevented from gaining access.
http://www.cisecurity.org/critical-controls.cfm
Here are some of the reasons y
2 min
Understanding Security Control Grades
One of the most valuable features of ControlsInsight is its ability to
prioritize security control improvement guidance as a sequence of next steps. It
does this by grading each security control configuration and ordering the
guidance for each configuration by grade. ControlsInsight calculates the grade
for each security control configuration based upon the coverage of that
configuration across all assessed assets and a weight assigned to that
configuration.
Coverage
Coverage is the measure of