The Intersection of Risk Management and Vulnerability Management

Today’s video concerns the intersection of risk management and vulnerability management. We start by taking a look at the risk assessment guidance in NIST SP 800-30 and the four major components of a risk assessment it describes: 

  1. Identify relevant threats 
  2. Identify relevant vulnerabilities 
  3. Assess impact (harm) to the organization 
  4. Assess the likelihood that the harm will occur 

We review who in an organization is responsible, at least in an ideal world, for each of these facets of the vulnerability management process. 

Lastly, we take a deeper look at how vulnerability management teams use intelligence to assess the likelihood that a threat will be realized, and at the common methods we’ve seen used in the industry, including CVSS scoring, an exploit-focused approach, and a threat-intelligence-focused approach. 
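As an added illustration (this is not code from the original post or from CYR3CON’s products), the Python below ranks one constructed set of findings under each of the three likelihood methods named above and combines each likelihood with the organization’s own impact rating, in the spirit of the NIST SP 800-30 components listed earlier. The finding identifiers, scores, exploit flags, threat-feed mention counts and the weights inside the three likelihood functions are all assumptions made for the example; they are not real CVEs or real intelligence data. Impact is held constant across the findings so that the differences in ranking come only from how likelihood is estimated.

```python
"""Rank the same findings three ways: CVSS-only, exploit-focused, and
threat-intelligence-focused likelihood. Added example with constructed data;
not the original post's or CYR3CON's code."""
from dataclasses import dataclass


@dataclass
class Finding:
    vuln_id: str              # constructed identifier, not a real CVE
    cvss_base: float          # CVSS v3.x base score, 0.0 to 10.0
    public_exploit: bool      # is exploit code publicly available?
    exploited_in_wild: bool   # has exploitation been observed in attacks?
    threat_mentions: int      # constructed count of threat-feed / underground mentions
    impact: float             # organization's own harm rating, 1 to 5 (NIST impact step)


def likelihood_cvss(f: Finding) -> float:
    # CVSS-only approach: the base score stands in for likelihood, scaled to 0..1.
    return f.cvss_base / 10.0


def likelihood_exploit(f: Finding) -> float:
    # Exploit-focused approach: evidence of a working exploit dominates;
    # without one, only a weak prior derived from severity remains.
    # The 1.0 / 0.7 / 0.1 + 0.2 weights are assumptions for this example.
    if f.exploited_in_wild:
        return 1.0
    if f.public_exploit:
        return 0.7
    return 0.1 + 0.2 * (f.cvss_base / 10.0)


def likelihood_threat_intel(f: Finding) -> float:
    # Threat-intelligence-focused approach: attacker attention (mentions, capped)
    # carries most of the weight, with exploitation evidence added on top.
    # The 20-mention cap and the 0.6 / 0.2 / 0.2 weights are assumptions.
    score = min(f.threat_mentions, 20) / 20.0 * 0.6
    if f.public_exploit:
        score += 0.2
    if f.exploited_in_wild:
        score += 0.2
    return min(score, 1.0)


def risk(f: Finding, likelihood_fn) -> float:
    # NIST SP 800-30 style: risk is a function of likelihood and impact.
    return round(likelihood_fn(f) * f.impact, 2)


def rank(findings, likelihood_fn):
    # Highest risk first; returns the identifiers in priority order.
    ordered = sorted(findings, key=lambda f: risk(f, likelihood_fn), reverse=True)
    return [f.vuln_id for f in ordered]


# Constructed sample findings (impact held constant at 4 to isolate likelihood).
SAMPLE = [
    Finding("VULN-A", 9.8, False, False, 0, 4),   # critical CVSS, no exploit, no chatter
    Finding("VULN-B", 7.5, True, False, 3, 4),    # high CVSS, public exploit, little chatter
    Finding("VULN-C", 6.5, True, True, 18, 4),    # medium CVSS, exploited in the wild, heavy chatter
    Finding("VULN-D", 5.3, False, False, 15, 4),  # medium CVSS, heavy chatter, no exploit yet
]


def compare(findings=SAMPLE):
    # Same findings, three different priority orders.
    return {
        "cvss": rank(findings, likelihood_cvss),
        "exploit": rank(findings, likelihood_exploit),
        "threat_intel": rank(findings, likelihood_threat_intel),
    }


if __name__ == "__main__":
    for method, order in compare().items():
        print(f"{method:>12}: {' > '.join(order)}")
```

On this sample the CVSS-only ordering puts VULN-A first on severity alone, the exploit-focused ordering moves VULN-C (exploited in the wild) to the top, and the threat-intelligence ordering additionally lifts VULN-D, which has no exploit yet but heavy attacker chatter, above the merely severe finding. That divergence is the practical reason a team’s choice of likelihood method matters.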

Risk Assessment and Vulnerability Management Part 1


CYR3CON’s CyRating® - available in our PR1ORITY product - allows vulnerability management teams to address threat identification and the computation of threat likelihood at enterprise scale.