347 pages | 45 B/W Illus.
As old as the threat of danger itself, vulnerability management (VM) has been the responsibility of leaders in every human organization, from tribes and fiefdoms right up through modern multinationals. Today, the focus of vulnerability management is still on infrastructure, but as knowledge is power and the lifeblood of any organization is its capacity for quick system-wide response, current emphasis needs to be placed on maintaining the integrity of IT applications, so critical to the real and the virtual infrastructure and productivity of any community or business entity.
Written by international security consultant Park Foreman, Vulnerability Management demonstrates a proactive approach. Illustrated with examples drawn from more than two decades of multinational experience, Foreman demonstrates how much easier it is to manage potential weaknesses, than to clean up after a violation. Covering the diverse realms that chief officers need to know and the specifics applicable to singular areas of departmental responsibility, he provides both the strategic vision and action steps needed to prevent the exploitation of IT security gaps, especially those that are inherent in a larger organization. Providing a fundamental understanding of technology risks from an interloper’s perspective, this efficiently organized work:
Throughout history, the best leaders not only responded to manifested threats but anticipated and prepared for potential ones that might overtly or insidiously compromise infrastructure and the capacity for productivity. Great vulnerability management is often hard to quantify, as the best measure of its success is that which never happens.
Many people are unaware of vulnerability management (VM), which can help ensure security for information technology infrastructure and improve an organization's governance, risk, and compliance posture. This work can help to rectify that lack of knowledge. … The author's writing style is direct and chapters are well-sequenced and organized. Foreman's use of examples and detailed case studies help the reader to understand how vulnerabilities are created. Illustrations further clarify VM and most chapters provide a concise summary. Overall, this book provides excellent guidance for the information security practitioner and the network security engineer, as well as those who need an understanding of the strategic significance of vulnerabilities and reasons for their control.
—Steven T. Yanagimach, CISSP, The Boeing Company, in Security Management, October 2011
The Vulnerability Experience
Program and Organization
Execution, Reporting and Analysis