Network Vulnerability Assessment

You're reading from Network Vulnerability Assessment: Identify security loopholes in your network's infrastructure

Product type: Paperback
Published in: Aug 2018
ISBN-13: 9781788627252
Length: 254 pages
Edition: 1st Edition
Author: Sagar Rahalkar

Business drivers for vulnerability management

To justify investment in implementing any control, a business driver is absolutely essential. A business driver defines why a particular control needs to be implemented. Some of the typical business drivers for justifying the vulnerability management program are described in the following sections.

Regulatory compliance

For more than a decade, almost all businesses have become highly dependent on the use of technology. Ranging from financial institutions to healthcare organizations, there has been a large dependency on the use of digital systems. This has, in turn, triggered the industry regulators to put forward mandatory requirements that organizations need to comply with. Noncompliance with any of the requirements specified by the regulator attracts heavy fines and bans.

The following are some of the regulatory standards that require organizations to perform vulnerability assessments:

  • Sarbanes-Oxley (SOX)
  • Statements on Standards for Attestation Engagements 16 (SSAE 16/SOC 1 (https://www.ssae-16.com/soc-1/))
  • Service Organization Controls (SOC) 2/3
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm Leach Bliley Compliance (GLBA)
  • Federal Information System Controls Audit Manual (FISCAM)

Satisfying customer demands

Today's customers have become more selective about the offerings they get from a technology service provider. A customer might be operating in one part of the world under regulations that demand vulnerability assessments. The technology service provider might be in another geographical zone but must perform the vulnerability assessment to ensure that the customer being served is compliant. So, customers can explicitly demand that the technology service provider conduct vulnerability assessments.

Response to some fraud/incident

Organizations around the globe are constantly subject to various types of attacks originating from different locations. Some of these attacks succeed and cause potential damage to the organization. Based on the historical experience of internal and/or external fraud/attacks, an organization might choose to implement a complete vulnerability management program.

For example, the WannaCry ransomware, which spread like fire, exploited a vulnerability in the SMB protocol of Windows systems. This attack must have triggered the implementation of a vulnerability management program across many affected organizations.

Gaining a competitive edge

Let's consider a scenario wherein there are two technology vendors selling a similar e-commerce platform. One vendor has an extremely robust and documented vulnerability management program that makes their product inherently resilient against common attacks. The second vendor has a very good product but no vulnerability management program. A wise customer would certainly choose the first vendor's product, as it has been developed in line with a strong vulnerability management process.

Safeguarding/protecting critical infrastructures

This is the most important of all the previous business drivers. An organization may simply proactively choose to implement a vulnerability management program, irrespective of whether it has to comply with any regulation or satisfy any customer demand. The proactive approach works better in security than the reactive approach.

For example, an organization might hold payment details and personal information of its customers and not want to put this data at risk of unauthorized disclosure. A formal vulnerability management program would help the organization identify all probable risks and put controls in place to mitigate them.
