ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 26
CONTROL 07 - Continuous Vulnerability Management

Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise's infrastructure, in order to remediate them and minimise the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.

Safeguards Total: 7
IG1: 4/7    IG2: 7/7    IG3: 7/7

THE SAFEGUARDS

Safeguard  Title                                                                          Asset Type    Security Function
7.1        Establish and Maintain a Vulnerability Management Process                      Applications  Protect
7.2        Establish and Maintain a Remediation Process                                   Applications  Respond
7.3        Perform Automated Operating System Patch Management                            Applications  Protect
7.4        Perform Automated Application Patch Management                                 Applications  Protect
7.5        Perform Automated Vulnerability Scans of Internal Enterprise Assets            Applications  Identify
7.6        Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets  Applications  Identify
7.7        Remediate Detected Vulnerabilities                                             Applications  Respond

Why Is This CIS Control Critical?

Cyber defenders are constantly being challenged by attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring a focus of time, attention, and resources.

Attackers have access to the same information and can often take advantage of vulnerabilities more quickly than an enterprise can remediate.
Did You Know?

One of the main points of entry used by threat actors is to exploit unpatched vulnerabilities within systems. According to one survey from the Ponemon Institute, 60% of breaches in 2019 involved unpatched vulnerabilities.
Column key for the safeguards table:
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3