This phase will allow you to develop processes and technologies that will be used to identify your organization's vulnerabilities on an ongoing basis. It includes evaluation of vulnerability scanning tools, penetration tests, third-party vulnerability sources, and security incidents all as ways to identify vulnerabilities.
- Assign responsibility for vulnerability management
- Review the inventory of assets
- Define vulnerability management scope and boundary
- Select and implement a vulnerability scanning tool
- Evaluate penetration testing
- Identify third-party vulnerability monitoring
- Develop incident process vulnerability detection