This phase allows you to develop the processes and technologies used to identify your organization's vulnerabilities on an ongoing basis. It covers the evaluation of vulnerability scanning tools, penetration tests, third-party vulnerability sources, and security incidents as ways to identify vulnerabilities.
This phase will take you through the following:
- Assign responsibility for vulnerability management
- Review the inventory of assets
- Define vulnerability management scope and boundary
- Select and implement a vulnerability scanning tool
- Evaluate penetration testing
- Identify third-party vulnerability monitoring
- Develop incident process vulnerability detection
Use this phase as part of the full blueprint, Design and Implement a Vulnerability Management Program.