Manager Task #3: Mastering Vulnerability Assessments

Today’s task involves reviewing another key IT policy and procedure that you, as a manager, are responsible for. Become a master of vulnerability assessments and processes.

December 4, 2017

About This Challenge

Today, we’ll continue our policy review of your IT department. Many organizations do not have adequate policies or haven’t reviewed and updated them regularly. Add regularly checking your Vulnerability Management and Vulnerability Assessment policies to your to-do list.

We recently discovered that one of our clients was running vulnerability scans against only 66% of their Internet-facing hosts. It’s simply not acceptable to check only 66% of your systems for missing patches and bad passwords, unless you’re OK with the other 34% of your systems inviting in hackers.

Disclaimer: Ensure any activities undertaken on your work network are allowed by your corporate policy and approved by management at your organization.

Follow The Instructions To Complete Today’s Network Defender Task:


Yesterday’s change management policy and today’s vulnerability assessment review go hand-in-hand. For example, new systems should be brought online as part of change management. The process to bring a new system online should include a vulnerability scan.

These policies are in place to ensure, for instance, that servers are patched in a timely manner. Do your policies comply with regulations you may be under, such as PCI or HIPAA?

To complete this task, answer the following questions:

1. Does your organization have a documented Vulnerability Assessment and Management process?

2a. If not, look for a template online (SANS.org is a good source) and draft a policy and process that can be implemented in your organization.

2b. If so, compare it against some templates online. Is it complete, up to date, and accurate? Do you comply with all regulations?

3. Is your team trained in this process and policy?

Bonus points:

Consider drafting a document revision process and getting it formally approved by your organization.
