Vulnerability and Incident Lifecycle Management
Vulnerability management deals with identifying, evaluating, and responding to risks so that organizations abate risks. A typical vulnerability lifecycle management includes; Asset inventory, managing information, assessing the risk, assessing vulnerabilities, and reporting and remediation (Phonsa, 2020). The first stage in the vulnerability involves managing organization inventories assets to identify security vulnerability. In the second stage, assets are classified, assigned business values, and prioritized according to their criticality to business operations. Thirdly, baseline risks are determined according to vulnerability threat, asset criticality, and classification (Phonsa, 2020). In the fourth stage, organizations measure and document business risks involved in the business while in the remediation stage, organizations prioritize and fix vulnerabilities according to risks. The final step verifies that threats have been eliminated and follow up channels established through subsequent audits. Don't use plagiarised sources.Get your custom essay just from $11/page
Figure 1: Vulnerability Cycle Management
Conversely, a typical incident handling lifecycle management includes preparation stage, detection, and analysis, containment, eradication and recovery, post-incident activity (Bandos,2019). Preparation is a fundamental stage of incidence response on which practical guidelines are premised. The second stage focuses on observing security events to detect and report potential security occurrences (Bandos, 2019). The third stage analyzes data collected using different tools to identify indicators of compromise. In the fourth stage, intelligence and indicators of compromise collected during the analysis stage are used to develop strategies for containment and neutralization. Lastly, the fifth stage involves documenting information for future reference.
Figure 2: Incidence Lifecycle Management
To this end, there are challenges associated with both vulnerability and incidence lifecycle management. For instance, ineffective change management and blurred network boundaries are some of the challenges facing asset inventory in vulnerability cycle management (Fritz, 2019). These challenges are addressed through the establishment of a single point of authority for inventories. Additionally, regular updates and differences in data privacy laws across the globe make it difficult for incident response teams to maintain a constant pace.
Conclusively, vulnerability management addresses security flaws that enable intruders to exploit an organization‘s weakness using various tools or techniques. Similarly, incident management also involves processes through which a company deals with security incidences. Both methods are, therefore, fundamental in proactive risk management within an organization or a business.
References
Bandos, T. (2019, June 26). The Five Steps of Incident Response. Retrieved from https://digitalguardian.com/blog/five-steps-incident-response
Fritz, M. (2019, February 13). Top 5 Incident Management Issues. Retrieved from https://insights.sei.cmu.edu/insider-threat/2019/02/top-5-incident-management-issues.html
Phonsa, V. (2020, January 29). Vulnerability Management Fundamentals: What You Need to Know. Retrieved from https://www.tenable.com/blog/vulnerability-management-fundamentals-what-you-need-to-know