Hello everybody,

I work in a big company and one of my tasks is vulnerability management.

I’m not really experienced in this field, so I’d like to ask you if you can share the methodology you use to perform risk-based vulnerability management.

From what I’ve read, usually the elements to work with are: CVSS score, involved assets, location (exposed or local).

Is there some kind of workflow / matrix template or something to use to streamline the process?
Can you share your experience?

Thanks!

1 Comment

  • SpawnDnD

    October 30, 2021

    CVSS is just one element.

    For me, if I was setting it up from scratch: all assets are given an importance/criticality score, then there is network location (DMZ and items closer to the internet are more important than something you have locked away in a closet)… Then CVSS… Then a business criticality, if that is not part of the first number already. This gives you a basis in some sort of guide as to what vulnerabilities to prioritize over others.

    Sorry, I typed it on my phone and I hate phone responses because I can’t type.

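The prioritization outlined in the comment above, worked through as an added example (not part of the original thread and not the commenter's own code). The 1-5 criticality scale, the exposure multipliers, the multiplicative formula and the sample findings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed multipliers: the closer to the internet, the higher the weight.
EXPOSURE_WEIGHT = {"internet": 1.0, "dmz": 0.8, "internal": 0.5, "isolated": 0.2}

@dataclass(frozen=True)
class Finding:
    vuln_id: str              # constructed placeholder IDs, not real CVEs
    asset: str
    cvss: float               # CVSS base score, 0.0-10.0
    asset_criticality: int    # assumed scale: 1 (low) .. 5 (most critical)
    exposure: str             # key of EXPOSURE_WEIGHT
    # Only set when business criticality is not already part of asset_criticality.
    business_criticality: Optional[int] = None

def risk_score(f: Finding) -> float:
    """Combine CVSS, criticality and network location into a 0-100 priority."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS out of range: {f.cvss}")
    crit = f.asset_criticality
    if f.business_criticality is not None:
        crit = max(crit, f.business_criticality)   # take the stricter rating
    if not 1 <= crit <= 5:
        raise ValueError(f"{f.vuln_id}: criticality out of range: {crit}")
    # An unknown network location is scored as internet-facing, so a gap in
    # the asset inventory never pushes a finding down the list.
    exposure = EXPOSURE_WEIGHT.get(f.exposure, 1.0)
    return round(f.cvss * 10 * (crit / 5) * exposure, 1)

def prioritize(findings):
    """Highest score first; ties broken by ID so the order is stable."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))

# Constructed sample data.
SAMPLE = [
    Finding("VULN-A", "hr-archive", 9.8, 1, "isolated"),
    Finding("VULN-B", "public-web", 7.5, 5, "internet"),
    Finding("VULN-C", "mail-relay", 6.1, 3, "dmz", business_criticality=4),
    Finding("VULN-D", "build-server", 8.8, 4, "internal"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):5.1f}  {f.vuln_id}  {f.asset:<12}  "
              f"CVSS {f.cvss}  {f.exposure}")
```

In this sample the CVSS 9.8 finding on an isolated, low-criticality asset lands last, behind a CVSS 6.1 finding on a DMZ host, which is the effect of treating CVSS as only one input.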
