1. Creating Baseline
In this phase, the following activities take place: defining the effectiveness of the current security measures and procedures, ensuring that nothing in the scope of information security management system is overlooked, working with management to set goals with a timeframe to complete them, and getting written approval prior to beginning any assessment activity.
2. Vulnerability Assessment
In this phase, a vulnerability scan will be performed to identify vulnerabilities in the OS, web application, webserver, and other services. This phase helps identify the category and criticality of the vulnerability and minimizes the level of risk. This is the step where penetration testing begins.
3. Risk Assessment
In this phase, risks are identified, characterized, and classified with risk control techniques. Vulnerabilities are categorized based on impact level (such as Low, Medium, High). This is where you present reports that identify the problems found and the risk treatment plan to protect the information.
4. Remediation
This phase refers to performing the steps used to mitigate the identified vulnerabilities according to their impact level. In this phase, the response team designs mitigation processes to cover the vulnerabilities.
5. Verification
This phase helps verify whether all the previous phases were properly employed or not. It is also where the verification of remedies is performed. This is where you show verifiable evidence that your risk treatment plan was effective and corrected issues.
6. Monitor
It’s important to remember that after a while, measures that protected the company need to be closely monitored and kept up to date via a regular vulnerability management plan. Incident monitoring is performed using firewall, IDS/IPS, or SIEM tools.
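As an added example (not part of the original text), the following Python script ties the Risk Assessment, Remediation and Verification phases together: it buckets findings by impact level, orders the treatment plan High before Medium before Low, and compares the baseline scan against a post-remediation rescan to produce the verifiable evidence the Verification phase asks for. The hosts, services and vulnerability ids are constructed placeholders, not real identifiers.

```python
from dataclasses import dataclass

IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2}  # impact levels used on the page


@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    vuln_id: str   # constructed placeholder ids, not real CVE numbers
    impact: str    # "Low" | "Medium" | "High"


def classify(findings):
    """Risk assessment: group findings by impact level."""
    buckets = {"High": [], "Medium": [], "Low": []}
    for f in findings:
        if f.impact not in buckets:
            raise ValueError(f"unknown impact level: {f.impact}")
        buckets[f.impact].append(f)
    return buckets


def treatment_plan(findings):
    """Remediation order: highest impact first; host/id as a stable tiebreaker."""
    ordered = sorted(findings, key=lambda f: (IMPACT_RANK[f.impact], f.host, f.vuln_id))
    return [f.vuln_id for f in ordered]


def verify(baseline, rescan):
    """Verification: which baseline findings the rescan shows fixed, still open, or new."""
    before, after = set(baseline), set(rescan)
    ids = lambda s: sorted(f.vuln_id for f in s)
    return {"remediated": ids(before - after),
            "outstanding": ids(before & after),
            "new": ids(after - before)}


def plan_effective(report, rescan):
    """Accept the treatment plan only if no High-impact finding remains open."""
    open_ids = set(report["outstanding"]) | set(report["new"])
    return not any(f.impact == "High" and f.vuln_id in open_ids for f in rescan)


# Constructed sample data: the baseline scan and the rescan after remediation.
BASELINE = [Finding("web01", "https", "VULN-001", "High"),
            Finding("web01", "ssh", "VULN-002", "Low"),
            Finding("db01", "mysql", "VULN-003", "Medium")]
RESCAN = [Finding("web01", "ssh", "VULN-002", "Low"),      # still open
          Finding("db01", "mysql", "VULN-004", "High")]    # newly discovered

if __name__ == "__main__":
    print("plan:", treatment_plan(BASELINE))
    report = verify(BASELINE, RESCAN)
    print("verification:", report, "effective:", plan_effective(report, RESCAN))
```

Because the rescan surfaced a new High-impact finding, the plan is reported as not yet effective and the cycle returns to the Risk Assessment phase.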