Is it necessary or even possible to address all vulnerabilities within your environment? I think that most experienced individuals with say the answer to this question is a resounding no. It is nearly impossible to address all vulnerabilities within your environment, unless of course you have an unlimited budget and resources but as we all know that isn't the case.
So what do you do with all these vulnerabilities? Thinking about all the things that can go wrong with your environment and the consequences of not addressing vulnerabilities may begin to make your head hurt a bit. The answer is to use an effective risk management approach to dealing with vulnerabilities. Using a risk management approach will allow you to place a value on your assets and determine the criticality of the vulnerabilities on your most important assets. Since you can't address all vulnerabilities you must use a risk management process to establish the risk associated with each vulnerability. This will allow you to focus on risks that are extremely detrimental to your environment and mitigate those while accepting a minimal risk for the others.
No comments:
Post a Comment