Trying to create a Vulnerability Policy and Processes. Any advice or recommendations?

IT Strategy & RoadmapFeedback
1.9k views2 Comments
Sort By:
Oldest
Principle Consultant in IT Servicesa year ago
Off the top of my head.

Start with a broad Vulnerability Management Policy. Ensure is includes all the components of asset management and prioritization, vulnerability scanning and prioritization, risk management and remediation.

Then, talk to people who would execute these functions, figure out what you are capable of, and understand the costs involved (people and technology costs).

Next, see what management would sign off on.
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Program Manager II in Healthcare and Biotech10 months ago
Some of the recommendations from past experience:

1. Make it a collaborative effort: Get input from all stakeholders, including IT, security, risk management, and business operations. This will help ensure that the policy is comprehensive and meets the needs of the entire organization.

2. Align the policy with your organization's risk appetite: Not all vulnerabilities are created equal. Some vulnerabilities are more critical than others, and some pose a greater risk to your organization's assets. The policy should reflect your organization's risk appetite and prioritize vulnerabilities accordingly.

3. Make it realistic and achievable: The policy should be feasible to implement and maintain. Don't set yourself up for failure by creating a policy that is too complex or expensive to implement.

4. Communicate the policy to everyone in the organization: Everyone needs to be aware of the vulnerability policy and their role in implementing it. Make sure to communicate the policy to all employees, contractors, and vendors.

5. Review and update the policy regularly: The vulnerability landscape is constantly changing, so it's important to review and update your policy regularly to ensure that it remains effective.
1

Content you might like

Looking for IT Benchmarking resources for the manufacturing industry, what are sources that you have found to be helpful?

KPIs, Metrics & ReportingIT Strategy & RoadmapData & Analytics
VP of IT in Retail3 days ago
If you have a full Gartner license, they have a benchmarking tool that maps out to your industry.  It was useful for my needs.
701 views1 Comment

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

We are actively doing a bake off between SAP Concur and Egencia for our global Travel Management system. Would love to hear about your experience using Egencia and if you are within the Professional Services industry. 

IT Strategy & RoadmapApplications & Platforms
720 views

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & LeadershipStrategy & ArchitectureCloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments

What tips or advice can you offer for improving collaboration between historically siloed security operations and IT teams? How can you begin building bridges between them to have better teamwork on things like vulnerability remediation?

People & LeadershipIT Strategy & RoadmapSecurity & GRC
CIO in Educationa month ago
I'm going to highly recommend Keith Ferrazzi's new book - Never Lead Alone - the book will explain how to shift from leadership to teamship. People need to be candid and accountable to and with each other as a start, and ...read more
1
Read More Comments
1.6k views1 Upvote3 Comments