Back to Main Navigation

PREDICT EXPLOITS

REDUCE COSTS

PREDICTION FOR THE CLOUD

ADVANCED CAPABILITIES

Back to Main Navigation

Resources

Predictive Threat Assessment Sign Up

Watch Now

PR1ORITY Product Demo
Back to Main Navigation

About CYR3CON

Come Join Us

CYR3CON is always looking for top talent to join our team.
View Openings
Back to Main Navigation

Take the next step to be in the know, now.

Complete the form and a member of the CYR3CON team will contact you shortly to discuss your cyber security needs.

Contact Form

Blog

The Intersection of Risk Management and Vulnerability Management

Posted by Paulo Shakarian on Nov 4, 2020 7:46:32 PM

Today’s video concerns the intersection of risk management and vulnerability management. We start by taking a look at NIST 800-30’s guidelines on risk assessment – and its four major components: 

  1. Identify relevant threats 
  2. Identify relevant vulnerabilities 
  3. Assess impact (harm) to the organization 
  4. Assess the likelihood that the harm will occur 

We review who, at least in an ideal world, in an organization is responsible for each of these facets in the vulnerability management process. 

Lastly, we take deeper look at how vulnerability management teams use intelligence to assess the likelihood of a threat and the common methods we’ve seen used in the industry including CVSS scoring, an exploit-focused approach, and a threat-intelligence focused approach. 

Risk Assessment and Vulnerability Management Part 1

 

CYR3CON’s CyRating® - available in our PR1ORITY product - allows vulnerability management teams to address problems around threat identification and computation of likelihood of threat at scale for the enterprise.

 

 

Topics: Cybersecurity, Risk Management, Vulnerability Management