Nowadays most organizations have begun to implement a Vulnerability Management Program (VMP), but implementing one is daunting. Most organizations realize they either have no true categorical ownership over systems or they lack the authority to enforce remediation of identified vulnerabilities. Either way, it is time consuming to track down and enforce a true VMP within many organizations.
What is a Vulnerability Management Program?
If you are new to implementing a VMP, then you first must understand what vulnerability management is. It seems self-evident, but it is the management (life-cycle) of identifying risks related to unpatched, misconfigured and unknown systems within an entity and implementing a remediation process for any identified risk.