Business driversĀ for vulnerability management
To justify investment in implementing any control, a business driver is absolutely essential. A business driver defines why a particular control needs to be implemented. Some of the typical business drivers for justifying the vulnerability management program are described in the following sections.
Regulatory compliance
For more than a decade, almost all businesses have become highly dependent on the use of technology. Ranging from financial institutions to healthcare organizations, there has been a large dependency on the use of digital systems. This has, in turn, triggered the industry regulators to put forward mandatory requirements that the organizations need to comply. Noncompliance to any of the requirements specified by the regulator attracts heavy fines and bans.
The following are some of the regulatory standards that demand the organizations to perform vulnerability assessments:
- Sarbanes-Oxley (SOX)
- Statements on Standards for Attestation...