Latest Research

INF & OPS Nov 30, 2023

Align Backups With Your Data Protection Requirements

Making a copy of your data does not always result in data protection.

CIO & STRATEGY Nov 29, 2023

Develop Your IT Leadership Team’s Financial Literacy

Start thinking and talking like a business leader.

INF & OPS Nov 29, 2023

Implement Hardware Asset Management

Build a process to track assets across their entire lifecycle.

INF & OPS Nov 22, 2023

Build a Service Desk Consolidation Strategy

A consolidated service desk not only drives more efficient service but is the foundation for optimization and innovation.

APPLICATIONS Nov 17, 2023

Get Started With AI in Requirements Management

Leverage AI to improve your requirements practices, not replace them.

INDUSTRY COVERAGE Nov 16, 2023

Use Artificial Intelligence and Machine Learning to Improve Population Health Outcomes

A high-level AI primer for public health practice.

INDUSTRY COVERAGE Nov 15, 2023

The New Power of Accountable Care Organizations

The role of health insurance payers, healthcare services providers, and public health organizations in the migration from fee-for-service to value-based care in pursuit of Quadruple Aim optimization.

DATA & BI Nov 14, 2023

Business Intelligence and Analytics Platform Selection Guide

Accelerate the process of building your business case and selecting your business intelligence and analytics solution.

CIO & STRATEGY Nov 14, 2023

Build a Regular CEO IT Update Package

Be prepared for your most important meetings with your most important stakeholder.

INDUSTRY COVERAGE Nov 13, 2023

Define Your Cloud Vision for Federal Government

Define your cloud vision before it defines you.

See all new content

Implement Risk-Based Vulnerability Management

Get off the patching merry-go-round and start mitigating risk!

Book This Workshop
Implement Risk-Based Vulnerability Management visualization

Without an effective vulnerability management program, organizations face:

  • Vulnerabilities going undetected and becoming exploited by attackers.
  • The list of vulnerabilities seems endless, and you don’t know where to start.
  • Your vulnerability tool reports the urgency of certain vulnerabilities to be high, but you know otherwise that they might not be as critical as what the tool is reporting.
  • You are being told that everything must be patched, however, you know that that is not possible for feasible. Patching can also break things.

Using Info-Tech’s methodology for vulnerability management, you will:

  • Develop a structured, consistent way to remediate vulnerabilities.
  • Understand the risk that certain vulnerability types pose to your organization, within the proper context of your business.
  • Gain insight around remediation methods that do not include patching, especially when patching is not possible or cannot be done in a timely fashion.
  • Develop a process that can withstand audit and makes good business sense.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Member Rating

9.3/10
Overall Impact

$123,047
Average $ Saved

30
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

Module 1: Identify Vulnerability Sources

The Purpose

  • Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

Key Benefits Achieved

  • Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

Activities: Outputs:
1.1 Define the scope & boundary of your organization’s security program.
  • Defined scope and boundaries of the IT security program
1.2 Assign responsibility for vulnerability identification and remediation.
  • Roles and responsibilities defined for member groups
1.3 Develop a monitoring and review process of third-party vulnerability sources.
  • Process for review of third-party vulnerability sources
1.4 Review incident management and vulnerability management
  • Alignment of vulnerability management program with existing incident management processes

Module 2: Triage and Prioritize

The Purpose

  • We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

Key Benefits Achieved

  • A consistent, documented process for the evaluation of vulnerabilities in your environment.

Activities: Outputs:
2.1 Evaluate your identified vulnerabilities.
  • Adjusted workflow to reflect your current processes
2.2 Determine high-level business criticality.
  • List of business operations and their criticality and impact to the business
2.3 Determine your high-level data classifications.
  • Adjusted workflow to reflect your current processes
2.4 Document your defense-in-depth controls.
  • List of defense-in-depth controls
2.5 Build a classification scheme to consistently assess impact.
  • Vulnerability Management Risk Assessment tool formatted to your organization
2.6 Build a classification scheme to consistently assess likelihood.
  • Vulnerability Management Risk Assessment tool formatted to your organization

Module 3: Remediate Vulnerabilities

The Purpose

  • Identifying potential remediation options.
  • Developing criteria for each option in regard to when to use and when to avoid.
  • Establishing exception procedure for testing and remediation.
  • Documenting the implementation of remediation and verification.

Key Benefits Achieved

  • Identifying and selecting the remediation option to be used
  • Determining what to do when a patch or update is not available
  • Scheduling and executing the remediation activity
  • Planning continuous improvement

Activities: Outputs:
3.1 Develop risk and remediation action.
  • List of remediation options sorted into “when to use” and “when to avoid” lists

Module 4: Measure and Formalize

The Purpose

  • You will determine what ought to be measured to track the success of your vulnerability management program.
  • If you lack a scanning tool this phase will help you determine tool selection.
  • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

Key Benefits Achieved

  • Outline of metrics that you can then configure your vulnerability scanning tool to report on.
  • Development of an inaugural policy covering vulnerability management.
  • The provisions needed for you to create and deploy an RFP for a vulnerability management tool.
  • An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

Activities: Outputs:
4.1 Measure your program with metrics, KPIs, and CSFs.
  • List of relevant metrics to track, and the KPIs, CSFs, and business goals for.
4.2 Update the vulnerability management policy.
  • Completed Vulnerability Management Policy
4.3 Create an RFP for vulnerability scanning tools.
  • Completed Request for Proposal (RFP) document that can be distributed to vendor proponents
4.4 Create an RFP for penetration tests.
  • Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

Book this workshop now to accelerate your IT projects

Book Now
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy