Open navigation menu

Scribd

0% found this document useful (0 votes)

30 views4 pages

Vulnerability Management

Uploaded by

Takkellapati Sai Himaja

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

30 views4 pages

Vulnerability Management

Uploaded by

Takkellapati Sai Himaja

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

Vulnerability Management: Study Notes

1. Introduction to Vulnerabilities

 Definition: A vulnerability is a flaw or weakness in software that

can be exploited by a threat actor to compromise an IT system.

 Common Outcomes of exploitation:

o Data exfiltration

o System control (e.g., remote code execution)

o Ransomware deployment

2. Key Terms

 Vulnerability: A software weakness that can be exploited.

 Threat: An entity (individual or group) actively looking to exploit

vulnerabilities.

 Risk: The potential damage or loss that can result if a vulnerability

is successfully exploited by a threat.

Example:

 Vulnerability: Outdated Windows server with RCE flaw.

 Threat: Ransomware gang.

 Risk: Financial losses due to system downtime and data recovery.

3. CVE and CVSS

 CVE (Common Vulnerabilities and Exposures):

o An identifier for known vulnerabilities.

o Format: CVE-YYYY-XXXX

 CVSS (Common Vulnerability Scoring System):

o Measures severity of a vulnerability (scale of 0–10).

o Managed by NVD (National Vulnerability Database),

maintained by NIST.

CVSS Metric Groups:

1. Base Metrics:

o Exploitability: Ease of exploitation.

o Impact: Potential consequence of a successful exploit.

2. Temporal Metrics:

o Change over time (e.g., availability of exploit kits or patches).

3. Environmental Metrics:

o Specific to an organization’s environment (e.g., existing

security controls, system importance).

4. Vulnerability Management Lifecycle

A continuous process involving multiple teams such as:

 Vulnerability Management

 IT Risk/Compliance

 Patching/Infrastructure

Steps:

1. Discover:

o Identify vulnerabilities using:

 Remote scans

 Agent-based scans

2. Prioritize Assets:

o Consider if assets are:

 In DMZ (demilitarized zone)

 Public facing

 Contain crown jewels (critical business data)

 Hosting mission-critical applications

3. Assess and Triage:

o Focus on CVSS ≥ 7 (high severity, often exploited)

o Triage results based on exploitability and business impact

4. Report:
o Create clear, actionable reports

o Show affected assets and severity rankings

5. Remediate:

o Primarily via patches and system upgrades

o Based on priority in the report

6. Verify:

o Conduct follow-up scans post-remediation

o Manual checks where necessary

5. Scanning Strategies

Types of Scans:

1. Remote Scans:

o Conducted externally

o Emulates attacker perspective

o Focused on public IPs, external exposure

2. Agent-Based Scans:

o Internal scanning from the asset

o High fidelity results (registry, config files)

3. Authenticated Scans:

o Use system credentials

o Provide in-depth, accurate vulnerability data

4. Unauthenticated Scans:

o No credentials used

o Surface-level analysis

Attack Surface Management:

 Involves scanning external-facing systems

 Identifies what attackers can see

 Often reveals firewall misconfigurations or exposed ports

Internal Vulnerability Scanning:

 Essential for detecting lateral movement opportunities

 Attackers already inside the network may exploit these

6. Risk Management for Scanning

 Some devices (e.g., IP cameras, sensitive systems) can be disrupted

by scans.

 Steps to manage:

1. Get risk acceptance from risk/compliance teams.

2. Add devices/IPs to scanner exemption lists.

3. Apply network segmentation to reduce exposure.

You might also like

Vulnerability Management Lifecycle
No ratings yet
Vulnerability Management Lifecycle
8 pages
Vulnerability Management - Cyber Security
No ratings yet
Vulnerability Management - Cyber Security
42 pages
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
No ratings yet
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
4 pages
Vuln Man 91003
No ratings yet
Vuln Man 91003
42 pages
Project Plan: Document Title: Project Plan Project Name: Vulnerability Management 1.0 Issue Date: 11/10/17
No ratings yet
Project Plan: Document Title: Project Plan Project Name: Vulnerability Management 1.0 Issue Date: 11/10/17
11 pages
PTC - Interview Questions On Vulnerability Assessment 1
No ratings yet
PTC - Interview Questions On Vulnerability Assessment 1
20 pages
CompTIA Security + Chapter 5
No ratings yet
CompTIA Security + Chapter 5
27 pages
Designing a Vulnerability Management Program
No ratings yet
Designing a Vulnerability Management Program
38 pages
Unit 4
No ratings yet
Unit 4
65 pages
Hybrid Framework for Vulnerability Management
No ratings yet
Hybrid Framework for Vulnerability Management
16 pages
Mse (Vapt)
No ratings yet
Mse (Vapt)
15 pages
Ab
No ratings yet
Ab
8 pages
Mastering Vulnerability Management ?
No ratings yet
Mastering Vulnerability Management ?
23 pages
Vulnerability Management Guide
No ratings yet
Vulnerability Management Guide
2 pages
Effective Vulnerability Management Strategies
No ratings yet
Effective Vulnerability Management Strategies
69 pages
Fortra Vulnerability Management Overview
No ratings yet
Fortra Vulnerability Management Overview
15 pages
Activity 2 - Scenario-Based Vulnerability Assessment Exercise
No ratings yet
Activity 2 - Scenario-Based Vulnerability Assessment Exercise
4 pages
Unit 2 Question Answer
No ratings yet
Unit 2 Question Answer
8 pages
How To VA Step-By-step
No ratings yet
How To VA Step-By-step
18 pages
Vulnerability Management Process Overview
No ratings yet
Vulnerability Management Process Overview
10 pages
VAPT Basic - 1
No ratings yet
VAPT Basic - 1
7 pages
CySA+ CS0-002 Cheat Sheet
100% (3)
CySA+ CS0-002 Cheat Sheet
31 pages
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
No ratings yet
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
3 pages
Threat-Centric Vulnerability Management Guide
No ratings yet
Threat-Centric Vulnerability Management Guide
19 pages
Vulnerability Assessment Best Practices
No ratings yet
Vulnerability Assessment Best Practices
25 pages
Importance of CVSS in Penetration Testing
No ratings yet
Importance of CVSS in Penetration Testing
23 pages
Vulnerability Management
No ratings yet
Vulnerability Management
5 pages
Kickstart Career in Vulnerability Management
No ratings yet
Kickstart Career in Vulnerability Management
2 pages
VulScan Datasheet
No ratings yet
VulScan Datasheet
11 pages
Maltego Whitepaper Common Pitfalls To Avoid in Vulnerability Risk Assessments
No ratings yet
Maltego Whitepaper Common Pitfalls To Avoid in Vulnerability Risk Assessments
10 pages
Cyber Security2
No ratings yet
Cyber Security2
16 pages
Vulnerability Assessment Guide
No ratings yet
Vulnerability Assessment Guide
17 pages
Cso - Unit 5
No ratings yet
Cso - Unit 5
8 pages
CSD4001-Study Material-Midterm
No ratings yet
CSD4001-Study Material-Midterm
63 pages
Vulnerability Management Guide
No ratings yet
Vulnerability Management Guide
34 pages
Vulnerability Testing and Server Client Side Attack
No ratings yet
Vulnerability Testing and Server Client Side Attack
34 pages
VULNERABILITY MANAGEMENT by Francis
No ratings yet
VULNERABILITY MANAGEMENT by Francis
8 pages
Pen Testing
No ratings yet
Pen Testing
65 pages
CySA+ Exam Prep for Analysts
No ratings yet
CySA+ Exam Prep for Analysts
15 pages
Day2va 121130175145 Phpapp01
No ratings yet
Day2va 121130175145 Phpapp01
24 pages
Vulnerability Management Procedure Guide
No ratings yet
Vulnerability Management Procedure Guide
13 pages
CySA+ Last Minute Review Guide (CS0-002) - 2021
100% (1)
CySA+ Last Minute Review Guide (CS0-002) - 2021
14 pages
Qualys Foundation
No ratings yet
Qualys Foundation
28 pages
Unit 4 - Vulnerability Assessment and Penetration Testing
No ratings yet
Unit 4 - Vulnerability Assessment and Penetration Testing
19 pages
Best Practices for Vulnerability Assessments
100% (1)
Best Practices for Vulnerability Assessments
25 pages
AD1084029
No ratings yet
AD1084029
26 pages
2023 Vulnerability Statistics Report
No ratings yet
2023 Vulnerability Statistics Report
40 pages
Module 4
No ratings yet
Module 4
31 pages
Brian - Ashworth: Assessment Event 1 - Assess Network Security Threats and Vulnerabilities To Identify Risk (VM)
No ratings yet
Brian - Ashworth: Assessment Event 1 - Assess Network Security Threats and Vulnerabilities To Identify Risk (VM)
6 pages
Top Concerns Vulnerability Data Report
No ratings yet
Top Concerns Vulnerability Data Report
3 pages
Vulnerability Management Process
50% (2)
Vulnerability Management Process
4 pages
M2 T4
No ratings yet
M2 T4
12 pages
Implementing Risk Based Vulnerability Management Trurisk
No ratings yet
Implementing Risk Based Vulnerability Management Trurisk
10 pages
Comp Tiach5
No ratings yet
Comp Tiach5
5 pages
1 Vulnerability Management Overview
No ratings yet
1 Vulnerability Management Overview
16 pages
Vulnerability Management and Patch Management: Enhancing Security Posture
No ratings yet
Vulnerability Management and Patch Management: Enhancing Security Posture
3 pages
Digital Forensics and Electronic Evidenc
No ratings yet
Digital Forensics and Electronic Evidenc
11 pages
Application Driven UnusedConnectors
No ratings yet
Application Driven UnusedConnectors
262 pages
AI Driven Cybersecurity
No ratings yet
AI Driven Cybersecurity
13 pages
RuntimeOptions BoomiCourse
No ratings yet
RuntimeOptions BoomiCourse
7 pages
Applications of First-Order DEs
No ratings yet
Applications of First-Order DEs
8 pages
Business Industry Classification Quiz
No ratings yet
Business Industry Classification Quiz
1 page
Magnel's Method in Prestressed Concrete
No ratings yet
Magnel's Method in Prestressed Concrete
14 pages
URN Theme D Planning Report 2015 FINAL
No ratings yet
URN Theme D Planning Report 2015 FINAL
54 pages
Project Proposal
No ratings yet
Project Proposal
12 pages
Food Fermentation Script
No ratings yet
Food Fermentation Script
4 pages
Calaveras
No ratings yet
Calaveras
26 pages
TAMAYA Digital Current Meter Overview
No ratings yet
TAMAYA Digital Current Meter Overview
2 pages
A Study On Work Life Balance Among Women Teachers in Mumbai City
No ratings yet
A Study On Work Life Balance Among Women Teachers in Mumbai City
8 pages
10x Summit
No ratings yet
10x Summit
5 pages
Scan 10 Rules
67% (3)
Scan 10 Rules
42 pages
Texas Venues by Region
No ratings yet
Texas Venues by Region
674 pages
Spoliarium by Juan Luna (1884) - Painting, Old Master, Art
No ratings yet
Spoliarium by Juan Luna (1884) - Painting, Old Master, Art
3 pages
Singeing, Desizing, Scouring
100% (2)
Singeing, Desizing, Scouring
40 pages
08.20.18 Game Notes
No ratings yet
08.20.18 Game Notes
8 pages
Chapter 7.17 Elecsys® Immunoassay Systems
No ratings yet
Chapter 7.17 Elecsys® Immunoassay Systems
5 pages
SEL-487E Test Current Calculator Guide
No ratings yet
SEL-487E Test Current Calculator Guide
3 pages
Boral OSN Onboarding
No ratings yet
Boral OSN Onboarding
28 pages
Instant Download Mesa and Tex Mex A Southwest Cookbook Featuring Authentic Mesa and Mexican Recipes 2nd Edition Booksumo Press PDF All Chapter
No ratings yet
Instant Download Mesa and Tex Mex A Southwest Cookbook Featuring Authentic Mesa and Mexican Recipes 2nd Edition Booksumo Press PDF All Chapter
37 pages
List Siri Commands
100% (2)
List Siri Commands
13 pages
Adb Brief 102 Bangladesh Leather Industry
No ratings yet
Adb Brief 102 Bangladesh Leather Industry
8 pages
Cloud Security Threats Overview
No ratings yet
Cloud Security Threats Overview
17 pages
Lpai - Icp Bhittamore On Indo-Nepal Border
100% (1)
Lpai - Icp Bhittamore On Indo-Nepal Border
14 pages
Classic Art Works LTD V Lukenge Anor (Civil Suit No 206 of 2010) 2014 UGCommC 35 (11 April 2014)
No ratings yet
Classic Art Works LTD V Lukenge Anor (Civil Suit No 206 of 2010) 2014 UGCommC 35 (11 April 2014)
14 pages
Hazard Assessment for Structure Works
No ratings yet
Hazard Assessment for Structure Works
3 pages
Mark Scheme - June 2024 (H460 - 02)
No ratings yet
Mark Scheme - June 2024 (H460 - 02)
33 pages
MUP - Environment Climate and Health - 2024 2025
No ratings yet
MUP - Environment Climate and Health - 2024 2025
5 pages
Har Ghar Tiranga Final
No ratings yet
Har Ghar Tiranga Final
7 pages
MRI Basic Principles and Applications Third Edition Mark A. Brown 2025 Download Now
No ratings yet
MRI Basic Principles and Applications Third Edition Mark A. Brown 2025 Download Now
148 pages
Article 78 Petition
No ratings yet
Article 78 Petition
18 pages