Closing information system vulnerabilities
A vulnerability is a weakness in a piece of technology, such as a workstation, server, router, software, cloud service, or process, that undermines the system’s ability to provide adequate security assurance and that the threat actors discussed previously will seek to exploit. Three aspects must be considered to assess a vulnerability properly:
- First, the information system’s susceptibility to a particular flaw must be determined. This review involves ascertaining whether the specific version of the technology or software in question meets the criteria for the vulnerability to exist.
- Next, it must be determined whether an attacker can access the information system to exploit the flaw. Depending on the technology and its location, an attacker may not have immediate access to the system. This information helps prioritize vulnerabilities within enterprise vulnerability management.
- Finally, whether sufficient means exist to exploit the flaw must be determined. If an active exploit exists in the wild for a given vulnerability, it should be considered a high-priority vulnerability to be addressed immediately.
After carefully reviewing the characteristics of vulnerabilities related to a specific information system, an information security professional can determine the attack surface for a given vulnerability and prioritize how the enterprise should mitigate the vulnerability. Hundreds of vulnerabilities may exist in an information system at any time. Therefore, the information security professional must be able to prioritize critical vulnerabilities that must be addressed immediately, while other vulnerabilities can be managed more methodically and reasonably over time. The following table provides more details related to this concept.
Table 2.1: Example Triage Chart for Vulnerabilities, with two columns: All Hands on Deck and Planned Methodical Deployment.
Vulnerability management
It is essential to understand that many situations requiring an all hands on deck response in information security result from poor management of the enterprise information system. If an organization’s information system is not regularly patched, serious vulnerabilities can accumulate that must then be addressed immediately. Vulnerability management is the process of identifying and addressing vulnerabilities within an organization’s information system. The process involves several steps:
- Firstly, the organization must identify vulnerabilities in its specific information system. This identification can be made through enterprise vulnerability management tools, such as Nessus, as well as by staying up to date with information security blogs and subscribing to the security advisories of the vendors it uses.
- Secondly, the organization must triage the vulnerabilities and determine the level of risk they pose to the organization. The information security professional must communicate this risk effectively and determine whether an all hands on deck or a planned approach to a vulnerability is needed.
- Thirdly, the organization must research, plan, and deploy the appropriate mitigations for applicable vulnerabilities. There may be multiple tasks involved in vulnerability mitigation. The information security professional must fully understand these steps, communicate them to stakeholders, and adequately deploy the appropriate countermeasures to mitigate the vulnerability.
- Finally, the organization must continuously monitor the information system to ensure that vulnerabilities have been fully mitigated. Utilizing a vulnerability assessment tool during the mitigation process allows the organization to continuously assess its information system, track progress, and understand when it has met its goal.
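The three assessment aspects above (susceptibility, attacker access, exploit availability) and the triage step of the vulnerability management process can be combined into a small prioritization routine. The following Python is an added example, not from the textbook: the decision rule (all three aspects present means All Hands on Deck, a present but unreachable or unexploited flaw means Planned Methodical Deployment) is an assumption made for illustration, and the finding records and identifiers are constructed sample data, not real advisories.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    """One reported flaw on one asset. All values used below are constructed samples."""
    vuln_id: str            # placeholder identifier, not a real CVE number
    asset: str
    installed: str          # version found on the asset by the scanner
    fixed_in: str           # first version the vendor states is no longer affected
    reachable: bool         # can an attacker actually reach the flawed component?
    exploit_in_wild: bool   # is a working exploit publicly available?

def parse_version(version: str) -> tuple:
    """Turn a dotted numeric version such as '2.4.49' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))

def is_susceptible(finding: Finding) -> bool:
    """Aspect 1: the installed version is older than the version that fixes the flaw."""
    return parse_version(finding.installed) < parse_version(finding.fixed_in)

ALL_HANDS = "All Hands on Deck"
PLANNED = "Planned Methodical Deployment"
NOT_APPLICABLE = "Not applicable"

def triage(finding: Finding) -> str:
    """Assumed rule: a flaw that is present, reachable (aspect 2) and has an exploit
    in the wild (aspect 3) is an emergency; a present flaw missing either is scheduled."""
    if not is_susceptible(finding):
        return NOT_APPLICABLE
    if finding.reachable and finding.exploit_in_wild:
        return ALL_HANDS
    return PLANNED

def prioritize(findings: list) -> list:
    """Return (category, vuln_id) pairs, emergencies first, dropping non-applicable findings."""
    order = {ALL_HANDS: 0, PLANNED: 1}
    ranked = [(triage(f), f.vuln_id) for f in findings]
    ranked = [r for r in ranked if r[0] != NOT_APPLICABLE]
    return sorted(ranked, key=lambda r: order[r[0]])

# Constructed scanner output for four findings across three assets.
SAMPLE_FINDINGS = [
    Finding("VULN-0001", "public-web-01", "2.4.49", "2.4.51", True, True),
    Finding("VULN-0002", "internal-db-02", "13.2", "13.4", False, True),
    Finding("VULN-0003", "workstation-17", "5.0.1", "5.0.1", True, True),
    Finding("VULN-0004", "public-web-01", "1.8.0", "1.9.0", True, False),
]

if __name__ == "__main__":
    for category, vuln_id in prioritize(SAMPLE_FINDINGS):
        print(f"{category:30} {vuln_id}")
```

Running the block lists VULN-0001 as the only emergency; VULN-0003 is dropped because the installed version already matches the fixed version, so the asset is not susceptible.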