A Practice Note providing an overview of what cyber vulnerability management programs are, how they work, and the key role they play in any organization’s information security program. This Note discusses common types of cyber vulnerabilities and core process steps for implementing and maintaining a vulnerability management program to decrease cybersecurity risks. It also addresses common pitfalls that can lead to unnecessary cyber incidents and data breaches.
Most organizations depend on a combination of commercial and custom-developed hardware and software products to support their information technology (IT) needs.
These technology components inevitably contain vulnerabilities in their design, configuration, or the code that runs them. Cyber vulnerabilities, coupled with growing threats, create risk by leaving organizations open to attacks, data breaches, and other cyber incidents. These events often lead to regulatory enforcement, litigation, or reputational harm. Organizations and their counsel must understand these risks and address vulnerability management within a well-defined and actively managed information security program. This Note provides an overview of what cyber vulnerability management programs are, how they work, and the important role they play in any organization's information security program.