
Why you don’t have to fix every vulnerability

Discussion in 'CSO' started by RSS, Jun 9, 2016.

  1. RSS


    Let that vulnerability sit for a bit


    The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.

