CSW S1, E15 - What Is Vulnerability Management and Why Is It Needed?

Fred Cobb – CISO and VP of Services, InfoSystems

Chad Waddell – Sr. Security Architect, InfoSystems

This episode of the Cybersecurity Weekly Podcast is Part 3 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:

1) Inventory and Control of Hardware Assets
2) Inventory and Control of Software Assets
3) Continuous Vulnerability Management

In this episode, Fred and Chad discuss continuous vulnerability management, the practice of regularly scanning and cleaning devices and the applications being used on those devices. Vulnerability Management is most impactful when a company first has an inventory of Hardware Assets and Software Assets (following the CIS Top 20 Cybersecurity Controls).

Many companies don't realize what vulnerabilities exist on their devices, let alone how to clean them up. New vulnerabilities are found every day, and companies that don't follow a continuous vulnerability management process can quickly find themselves dealing with major security concerns. Being one step ahead can help combat cyber criminals who are quick to exploit vulnerable technology.

There are a number of actions a company can take to protect itself. One such action is vulnerability scanning. This can be done with the help of tools like the Nessus Vulnerability Scanner.

Vulnerability Scanners get many of the unnecessary threats out of the way. Companies that don't have IT personnel with a solid understanding of Vulnerability Management can get help from a cybersecurity specialist at InfoSystems. Vulnerability programs are widely available, regardless of the size of your company.

There is an abundance of tools and resources available to you for help in regularly scanning your devices and software for vulnerabilities.

Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.

More Information

We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.

This episode discusses Control Three of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. They are a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.

See the break-down of these CIS Controls' Sub-Controls here.

Discover how other organizations are using these controls here.