From the course: Vulnerability Management: Assessing the Risks with CVSS, CISA KEV, EPSS, and SSVC
Core components to a program
- [Instructor] Now that you know how CVSS works and how strategies like SSVC can help you prioritize vulnerabilities, let's talk about how to bring everything together into a vulnerability management program. If you've taken my course that covers The Basics of Vulnerability Management, you might remember the acronym DARC, D-A-R-C, for key components of vulnerability management. Detect, Assess, Resolve, and Confirm. Let's walk through each of these elements needed to build an effective vulnerability management program. First, we need to be able to detect vulnerabilities in our environment. That means we need a vulnerability scanning platform like OpenVAS, Tenable, Qualys, or Rapid7. The next task is to assess the vulnerabilities in your environment to determine the risk they present, so that you can prioritize remediation efforts. After the vulnerabilities have been assessed, you'll want to resolve the vulnerability within your specified timelines. And finally, you'll want to confirm…