Configuration and Vulnerability Management
I would like you to show me how configuration and vulnerability management are connected / dependent on each other. and How Configuration management can help in vulnerability management in achieving goals. Would appreciate early response. Thank you.
Assign topic to the user
Configuration management is related to you know which assets you have and how they are configured, while vulnerability management is related to the identification and handling of misconfigurations and threats that can exploit current configurations.
Both configuration and vulnerability management are connected by the fact that by means of configuration management you can:
- identify the impact of identified vulnerabilities (e.g., how many devices are vulnerable, which sets of configurations should be analyzed/changed.
- prioritize which vulnerabilities to look for first (they would be related to the most critical configurations you have)
This article will provide you a further explanation about vulnerability management:
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
These materials will also help you regarding vulnerability management:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Jan 21, 2021