The third most important security principle that every business should employ is the identification and mitigation of vulnerabilities.
Vulnerability assessments are a critical exercise that can help a company determine if their software, systems, and applications contain known vulnerabilities. A vulnerability is a fault that can potentially be leveraged by an attacker to compromise IT infrastructure. Security analysts use specialized tools to probe for and detect vulnerabilities, then rank them by risk. Businesses should address known vulnerabilities by updating software, applying patches, or upgrading systems entirely.
As experienced IT security consultants, Rigid Bits has observed a pattern where companies perform vulnerability assessments at a single point in time and believe this is sufficient. It is not.
Vulnerability assessments are critical, but as a stand-alone practice they do not satisfy the defense in depth approach required by a proper IT security program. Also, a single vulnerability assessment a year may create the illusion that your company is protected once vulnerabilities are identified and remedied. The problem with this thought process is that vulnerabilities are constantly being discovered. As new threats are identified, a company may have weaknesses in IT products for significant amounts of time before they are discovered during the next vulnerability assessment. The simplest way to remedy this issue is to increase the frequency at which vulnerability scans are performed.
As part of the coreSecurity package, we’ve included ongoing vulnerability assessments to resolve some of the risks of one-and-done vulnerability scans. Our assessments are done on a quarterly basis and on demand as necessary. We’ll help your company understand what security holes may be present in your exposed IT assets and provide guidelines on how to remedy the problems.