
Hello,

I'm an IT Auditor working on assessing the effectiveness of an internal vulnerability tool for a client.

IT Auditors are not technical and do not perform any hands-on work; our job is to ensure reasonable assurance that the tool is configured properly and used effectively.

I've got a good understanding of what a standard configuration should be (e.g. daily/weekly scans over in-scope hosts). However, every time I request evidence of scans I see thousands of vulnerabilities each week. There is a CVSS ranking for each vulnerability, and typically I'm concerned with High and Critical vulns, where I would expect these issues to be documented and remediated through ticketing systems.

My question: For those working on remediating vuln issues, how do you analyze the scan results and make judgements on what is a serious threat and what is ignored (e.g. a legacy system vuln that can't be resolved due to limitations)? It's impossible to run through these results individually on a weekly basis without missing critical items that might be ignored. Just looking for some thoughts on here on how to better assess vuln tools and scans.

submitted by /u/Obsidianc21
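As an added illustration (not from the post or any reply to it), the Python below shows one way a remediation team or an auditor can mechanically reduce a weekly scan export to the items that actually need attention, using exactly the criteria the question raises: CVSS severity (High 7.0-8.9, Critical 9.0-10.0 under CVSS v3), linkage to a remediation ticket, and documented, time-boxed risk acceptances for legacy systems that cannot be patched. It also diffs two consecutive scans so only new and resolved findings need review rather than the whole list every week. All hosts, finding IDs, ticket numbers, reasons and dates are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date

# CVSS v3 qualitative severity thresholds.
HIGH = 7.0
CRITICAL = 9.0


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str   # the scanner's own finding identifier (constructed values below)
    cvss: float


@dataclass(frozen=True)
class RiskAcceptance:
    """A documented decision not to remediate, valid only until `expires`."""
    host: str
    vuln_id: str
    reason: str
    expires: date


def severity(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative rating."""
    if cvss >= CRITICAL:
        return "Critical"
    if cvss >= HIGH:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"


def triage(findings, tickets, acceptances, today):
    """Bucket High/Critical findings by whether they are governed.

    tickets: {(host, vuln_id): ticket_id} from the ticketing system
    acceptances: list of RiskAcceptance records from the exception register
    Returns a dict of lists, each sorted by CVSS descending.
    """
    accepted = {(a.host, a.vuln_id): a for a in acceptances}
    out = {"tracked": [], "accepted": [], "expired_acceptance": [],
           "untracked": [], "below_threshold": []}
    for f in sorted(findings, key=lambda x: -x.cvss):
        key = (f.host, f.vuln_id)
        if f.cvss < HIGH:
            out["below_threshold"].append(f)       # outside the audit scope
        elif key in tickets:
            out["tracked"].append(f)               # remediation is in progress
        elif key in accepted:
            if accepted[key].expires >= today:
                out["accepted"].append(f)          # exception still valid
            else:
                out["expired_acceptance"].append(f)  # exception lapsed: re-review
        else:
            out["untracked"].append(f)             # the audit finding: nobody owns it
    return out


def diff_scans(previous, current):
    """Return (new, resolved) findings between two consecutive scan exports."""
    prev_keys = {(f.host, f.vuln_id) for f in previous}
    cur_keys = {(f.host, f.vuln_id) for f in current}
    new = [f for f in current if (f.host, f.vuln_id) not in prev_keys]
    resolved = [f for f in previous if (f.host, f.vuln_id) not in cur_keys]
    return new, resolved


# Constructed sample data standing in for two weekly scan exports,
# the ticket queue and the exception register.
LAST_WEEK = [
    Finding("web-01", "SCAN-0999", 7.0),
    Finding("web-01", "SCAN-1001", 9.8),
    Finding("web-01", "SCAN-1002", 7.5),
    Finding("legacy-db", "SCAN-1003", 8.1),
    Finding("legacy-db", "SCAN-1004", 9.1),
    Finding("file-srv", "SCAN-1005", 5.3),
]
THIS_WEEK = LAST_WEEK[1:] + [Finding("file-srv", "SCAN-1006", 7.2)]
TICKETS = {("web-01", "SCAN-1001"): "CHG-0042"}
ACCEPTANCES = [
    RiskAcceptance("legacy-db", "SCAN-1003", "vendor EOL; host on isolated VLAN", date(2025, 12, 31)),
    RiskAcceptance("legacy-db", "SCAN-1004", "awaiting platform migration", date(2023, 6, 30)),
]
AS_OF = date(2024, 1, 15)


def audit_report():
    """Run triage and diff over the sample data; returns the buckets and the delta."""
    buckets = triage(THIS_WEEK, TICKETS, ACCEPTANCES, AS_OF)
    new, resolved = diff_scans(LAST_WEEK, THIS_WEEK)
    return buckets, new, resolved


if __name__ == "__main__":
    buckets, new, resolved = audit_report()
    for name, items in buckets.items():
        print(f"{name}: {[(f.host, f.vuln_id, severity(f.cvss)) for f in items]}")
    print("new this week:", [f.vuln_id for f in new])
    print("resolved since last week:", [f.vuln_id for f in resolved])
```

For the auditor's purpose, the `untracked` and `expired_acceptance` buckets are the evidence that matters: every High or Critical finding should land in `tracked` or `accepted`, and anything else is a control gap to raise. The weekly diff keeps the review proportional to what changed rather than to the full scanner output.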

