nerdexam
(ISC)2

CISSP-ISSMP · Question #72

What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. Maintain and Monitor C. Define Policy D. Baseline the Environment. While program definitions vary in the industry, Gartner, a prominent IT Analyst company, defines six steps for vulnerability management programs. Define Policy: Organizations must start out by determining what the desired security state for their environment is. This includes det

Security Program Development

Question

What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AMaintain and Monitor
  • BOrganization Vulnerability
  • CDefine Policy
  • DBaseline the Environment

How the community answered

(55 responses)
  • A
    91% (50)
  • B
    9% (5)

Explanation

While program definitions vary in the industry, Gartner, a prominent IT Analyst company, defines six steps for vulnerability management programs. Define Policy: Organizations must start out by determining what the desired security state for their environment is. This includes determining desired device and service configurations and access control rules for users accessing resources. Baseline the Environment: Once a policy has been defined, the organization must assess the true security state of the environment and determine where instances of policy violations are occurring. Prioritize Vulnerabilities: Instances of policy violations are Vulnerability (computing). These vulnerabilities are then prioritized using risk and effort-based criteria. Shield - In the short term, the organization can take steps to minimize the damage that could be caused by the vulnerability by creating compensating controls. Mitigate Vulnerabilities: Ultimately, the root causes of vulnerabilities must be addressed. This is often done via patching vulnerable services, changing vulnerable configurations or making application updates to remove vulnerable code.

Topics

#Vulnerability Management#Security Program Development#Policy Definition#Environmental Baselines

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSMP Practice