Risk-Based Vulnerability Management: Answering the Four Tough Questions
IT Central Station Peer Paper Report
Modern networks are no longer limited to traditional IT assets. Instead, they also include cloud, operational technology (OT) and container environments, as well as web apps. This evolution of IT has caused organizations of all sizes to experience significant expansion of their attack surface and extraordinary growth in the number of vulnerabilities present in their networks.
This increased complexity has led to the fundamental data problem facing security teams today: regardless of company size, they simply have far more vulnerabilities in their environment than they can possibly handle. As a result, successfully reducing cyber risk means addressing four difficult questions:
- How and where is the organization exposed to risk?
- What should the priorities be for risk detection and mitigation?
- What’s the best way to operationalize risk remediation and track exposure over time?
- How does one’s organizational risk compare to that of its peers?