vulnerability management (security) (VM)

Vulnerability Management(VM) deals with the security-relevant vulnerabilities in IT systems. Vulnerability management aims to develop processes and techniques that can be used to introduce and manage a security configuration in companies in order to increase IT security.

Vulnerability management includes the management of security gaps and vulnerability analysis, taking into account the human, machine, environment and data factors described in detail in the BS 7799 resp. ISO 17799 and ISO 27001 standards. In addition, the Common Vulnerability ScoringSystem( CVSS), which is used to create a rating index, plays a key role in vulnerability management.

Vulnerability management is ensured in the long term through various processes. These include regular checks of the network, firewall logging, by penetration tests or virus scanners. The identification of chess points by network analyzers and the detection of anomalies that indicate attacks with malware or other malicious attacks. Verifying vulnerabilities. It must be determined if the vulnerabilities impact servers, applications, networks or systems. In addition, the risk must be classified. Another processis to investigate how vulnerabilities can be prevented and eliminated.

Since threats are constantly evolving, vulnerability management strategies must be updated regularly to reflect changing threat scenarios.