Vulnerability management (VM) has been around for millennia. Cities, tribes, nations, and corporations have all employed its principles. The operational and engineering successes of any organization depend on the ability to identify and remediate a vulnerability that a would-be attacker might seek to exploit. What were once small communities became castles. Cities had fortifications and advanced warning systems. All such measures were the result of a group recognizing their vulnerabilities and addressing them in different ways. Today, we identify vulnerabilities in our software systems, infrastructure, and enterprise strategies. Those vulnerabilities are addressed through various and often creative means.
Vulnerability Management demonstrates a proactive approach to the discipline. Illustrated with examples drawn from Park Foreman’s more than three decades of multinational experience, the book demonstrates how much easier it is to manage potential weaknesses than to clean up after a violation. Covering the diverse realms that CISOs need to know and the specifics applicable to singular areas of departmental responsibility, he provides both the strategic vision and action steps needed to prevent the exploitation of IT security gaps, especially those that are inherent in a larger organization. Completely updated, the second edition provides a fundamental understanding of technology risks—including a new chapter on cloud vulnerabilities and risk management—from an interloper’s perspective.
This book is a guide for security practitioners, security or network engineers, security officers, and CIOs seeking understanding of VM and its role in the organization. To serve various audiences, it covers significant areas of VM. Chapters on technology provide executives with a high-level perspective of what is involved. Other chapters on process and strategy, although serving the executive well, provide engineers and security managers with perspective on the role of VM technology and processes in the success of the enterprise.
Table of Contents
About the Author
2 The Vulnerability Experience
3 Program and Organization
5 Selecting Technology
7 Execution, Reporting, and Analysis
9 Strategic Vulnerabilities
10 Managing Vulnerabilities in the Cloud
11 Summary and the Future
Park Foreman is a Security and Compliance Architect at IBM Cloud Brokerage Services where he designs security controls supporting customers in their migration journey to cloud services. He is a recognized expert in vulnerability management, incident management and cyber security strategy. Park holds a Master of Science degree in information security and assurance and CISSP-ISSAP certification among others. Originally starting his information security experience in college working on operating system kernel security design, he went on to work in application security at Bell Labs and network security in the banking and telecommunications industries. In addition to first and second edition of this book, Park has also published articles in the ISSA Journal and presented at security conferences. At IBM, Park continues to work across business units on developing new technologies and methods to secure cloud services and applications.