Aug 24 2009

Vulnerability management and regulatory compliance

Category: Security Compliance | DISC @ 8:09 pm

[Image: Threat and Vulnerability Management in the Ent... (Michele Mondora via Flickr)]

Information security requirements are growing for the financial, healthcare and government sectors. In particular, the HITECH Act provisions of ARRA (2009) extend HIPAA compliance obligations to business associates, the vendors and service providers that handle protected health information on a covered entity's behalf.
Business owners face a growing number of government and industry-specific regulations for protecting the confidentiality, integrity and availability of data against an ever-growing threat landscape. Most regulatory compliance regimes now have teeth: organizations that do not fully comply face serious penalties, including but not limited to fines and civil and criminal liability.

The days when manual vulnerability management was enough to satisfy auditors are gone. Vulnerability management can support management in demonstrating operational compliance. Most vulnerability management programs rank vulnerabilities by severity level, where severity is determined by business impact and by how easily an attacker can exploit the vulnerability. Remediation is then prioritized by asset categorization: each asset is rated on a company-wide scale (Low, Medium, High) that reflects the overall business impact of that asset to the company, so the same vulnerability on a High asset is fixed before the one on a Low asset.
The simplest way to automate vulnerability management is to use software as a service (SaaS). The SaaS vendor runs the application on its own secured servers (web and database), and users operate it through a web browser over an SSL/TLS connection. The SaaS provider handles all maintenance of the scanning infrastructure, so the organization's security staff can spend most of their time on remediation rather than on running scans by hand. Automated vulnerability management demonstrates ongoing compliance with standards and regulations and produces the documentation auditors ask for: scan history, severity of open findings and time to remediate. One caveat: a scanner only reports on what it is pointed at and credentialed for, so the asset inventory it works from must be complete and kept current, or unscanned systems will look compliant by omission.
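The scoring described above, as an added example that is not code from this post or from any vendor's product. It models severity as business impact times ease of exploitation and then weights it by the asset's Low/Medium/High categorization to order remediation and attach an SLA due date; the tier weights, priority bands, SLA days and the sample findings are all assumptions made for illustration.

```python
"""Severity- and asset-weighted remediation prioritization.

Added example, not code from the DISC post or from any vendor's product.
It models the approach the post describes: severity = business impact x
ease of exploitation, and remediation order = severity weighted by the
asset's Low/Medium/High categorization. The tier weights, priority bands,
SLA days and the sample findings are all assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed weights for the post's L/M/H asset categorization.
ASSET_WEIGHT = {"L": 1, "M": 2, "H": 3}

# Assumed remediation SLAs in days per priority band; a documented SLA like
# this is what an auditor asks to see alongside the scan history.
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}

# Assumed reference date for the worked example (the post's own date).
AS_OF = date(2009, 8, 24)


@dataclass(frozen=True)
class Finding:
    asset: str
    asset_tier: str      # "L", "M" or "H"
    title: str           # short description from the scanner
    impact: int          # 1..3 business impact if exploited
    exploitability: int  # 1..3, 3 = remotely exploitable with a public exploit


def severity(f: Finding) -> int:
    """Severity as the post defines it: business impact x ease of exploitation (1..9)."""
    if not (1 <= f.impact <= 3 and 1 <= f.exploitability <= 3):
        raise ValueError(f"impact and exploitability must be in 1..3: {f}")
    return f.impact * f.exploitability


def risk_score(f: Finding) -> int:
    """Severity weighted by the asset's criticality tier (1..27)."""
    return severity(f) * ASSET_WEIGHT[f.asset_tier]


def priority_band(score: int) -> str:
    """Map a risk score onto an assumed P1/P2/P3 remediation band."""
    if score >= 18:
        return "P1"
    if score >= 8:
        return "P2"
    return "P3"


def remediation_plan(findings, today: date):
    """Order findings highest risk first and attach band and due date."""
    ordered = sorted(findings, key=lambda f: (-risk_score(f), f.asset, f.title))
    plan = []
    for f in ordered:
        score = risk_score(f)
        band = priority_band(score)
        plan.append({
            "asset": f.asset,
            "title": f.title,
            "score": score,
            "band": band,
            "due": today + timedelta(days=SLA_DAYS[band]),
        })
    return plan


def overdue(plan, as_of_iso: str):
    """Findings whose SLA has lapsed by the given date: the gap an audit would flag."""
    as_of = date.fromisoformat(as_of_iso)
    return [p for p in plan if p["due"] < as_of]


# Constructed sample findings; these are not real scan results.
SAMPLE = [
    Finding("hr-db-01", "H", "unpatched database service", impact=3, exploitability=3),
    Finding("web-portal", "H", "reflected XSS in search", impact=2, exploitability=3),
    Finding("dev-build", "L", "default admin credentials", impact=3, exploitability=3),
    Finding("file-share", "M", "SMB signing disabled", impact=2, exploitability=2),
    Finding("kiosk-07", "L", "outdated browser", impact=1, exploitability=2),
]

if __name__ == "__main__":
    for p in remediation_plan(SAMPLE, AS_OF):
        print(f'{p["band"]} {p["score"]:>2} {p["asset"]:<11} due {p["due"]}  {p["title"]}')
```

Note that hr-db-01 and dev-build carry the same severity (9), yet one lands in P1 with a 7-day SLA and the other in P2 with 30 days: it is the asset categorization, not the scanner's severity alone, that sets the order. The `overdue` report is the piece that turns the plan into audit evidence, since it shows which SLAs have lapsed as of a given date.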


Tags: Security, Security Scanners, vulnerability

2 Responses to “Vulnerability management and regulatory compliance”

  1. Vulnerability management and regulatory compliance | DISC InfoSec blog | Hack In The Box says:

    […] this article: Vulnerability management and regulatory compliance | DISC InfoSec blog Share and […]

  2. Ethan says:

    More critical financial really need a good strong security information.
