What is the vulnerability remediation timeline you have adopted for CVSS >= 7.0 vulnerabilities which are only exposed to your Intranet users (not Internet)?

Between 6-12 months: 14%
Between 3-6 months: 28%
Between 2-3 months: 19%
Between 1-2 months: 14%
Between 2 weeks to 1 month: 12%
Between 1-2 weeks: 4%
Between 0-1 week: 6%


1007 PARTICIPANTS
5.1k views, 3 Upvotes, 3 Comments
Senior Security and Compliance Auditor in Software, 5 years ago
7.0 hits my High rating (Medium tops off at 6.9), so it would need to be fully resolved within 30 days (Medium 60 days). I use the CVSS score as a starting point and then score to my organization, so it may lower/raise the score based on a number of risk factors, including Intranet only.
1
CTO in Software, 5 years ago
CVSS is a great start, but it lacks context. Here are a few questions to start with when evaluating the remediation timeline:

1. Who has access to this vulnerable System? 3rd Party/Contractors? Everyone in The Company? A few Employees?

2. Does accessing the System require going through VPN or MFA? Is there an audit trail?

3. Are there any Security Controllers deployed before one gets access to this System?

4. Are there any Security Controllers deployed on the System, in case it gets compromised?

5. Does this System contain sensitive data? Can Data be leaked from it?

Validating those points (and more) will help establish a more realistic, breach-oriented approach to the problem at hand.
6
CIO in Finance (non-banking), 4 years ago
CVSS is inadequate. I suggest focusing on exploitable vulnerabilities and having the capacity to remediate new vulnerabilities that show up in the wild. Monitor aging of exploitables and keep those under 60 days.
1
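The three replies above describe one workflow: start from the CVSS base score, re-score it against the organisation's exposure context (Intranet only, VPN/MFA gating, exploited in the wild), map the result to a remediation window (High 30 days, Medium 60 days), and track aging against that window. Here is an added example of that workflow as a small Python policy check; it is not code from any of the commenters. The adjustment values, the rule that an exploited-in-the-wild finding is never rated below High, and the sample findings are assumptions made for illustration, since the thread names the factors but gives no numbers.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Windows from the auditor's comment: High (CVSS >= 7.0) resolved within 30 days, Medium within 60.
SLA_DAYS = {"High": 30, "Medium": 60}
# Assumed organisation-specific adjustments: the thread names the factors but gives no numbers.
INTRANET_ONLY_ADJ = -1.0   # not reachable from the Internet (the poll's scenario)
VPN_OR_MFA_ADJ = -0.5      # access gated by VPN or MFA (CTO's question 2)
EXPLOITED_ADJ = 1.0        # exploited in the wild (the CIO's "exploitable" criterion)

@dataclass
class Finding:
    host: str
    vuln_id: str           # constructed placeholder, not a real CVE id
    cvss: float            # CVSS base score, the starting point
    discovered: date
    intranet_only: bool
    vpn_or_mfa_gated: bool
    exploited_in_wild: bool

def adjusted_score(f: Finding) -> float:
    """Re-score the CVSS base against the organisation's own exposure context."""
    score = f.cvss
    score += INTRANET_ONLY_ADJ if f.intranet_only else 0.0
    score += VPN_OR_MFA_ADJ if f.vpn_or_mfa_gated else 0.0
    score += EXPLOITED_ADJ if f.exploited_in_wild else 0.0
    return max(0.0, min(10.0, round(score, 1)))

def rating(f: Finding) -> str:
    """High at 7.0 and above, Medium tops out at 6.9; exploited-in-the-wild is never below High."""
    return "High" if f.exploited_in_wild or adjusted_score(f) >= 7.0 else "Medium"

def deadline(f: Finding) -> date:
    return f.discovered + timedelta(days=SLA_DAYS[rating(f)])

def overdue(findings, today: date):
    """Aging report: (host, id, days past deadline) for every finding outside its window."""
    late = [(f.host, f.vuln_id, (today - deadline(f)).days) for f in findings if today > deadline(f)]
    return sorted(late, key=lambda row: -row[2])

# Constructed sample findings, all discovered in early 2024
SAMPLE = [
    Finding("hr-app-01", "VULN-0001", 7.5, date(2024, 1, 1), True, True, False),    # 6.0 -> Medium, 60 d
    Finding("fileshare-02", "VULN-0002", 7.5, date(2024, 1, 1), True, False, True),  # exploited -> High, 30 d
    Finding("www-03", "VULN-0003", 8.1, date(2024, 2, 20), False, False, False),     # 8.1 -> High, 30 d
]

if __name__ == "__main__":
    for row in overdue(SAMPLE, date(2024, 3, 1)):
        print(row)  # ('fileshare-02', 'VULN-0002', 30)
```

Note that the first sample finding has the same base score as the second, but the Intranet-only and MFA context moves it into the 60-day window, while the exploited one stays at 30 days regardless of exposure.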