IT 漏洞管理的综合方法 （David Frier）.pdf

《IT 漏洞管理的综合方法 （David Frier）.pdf》由会员分享，可在线阅读，更多相关《IT 漏洞管理的综合方法 （David Frier）.pdf（23页珍藏版）》请在三个皮匠报告上搜索。

1、PATCH YOUR SH!(Or,as it appears on the program:A Comprehensive Approach to IT Vulnerability ManagementA Comprehensive Approach to IT Vulnerability ManagementIn case you were wondering if you came to the wrong room)David C.Frier,RIMSDavid C.Frier,RIMS-CRMP,CISM,etc.CRMP,CISM,etc.Rochester Security Su

2、mmit 2024Rochester Security Summit 2024overviewThis is an Introduction to Vulnerability ManagementSpiced with some tips from my sliver of experience with VMVM is a continuous,proactive processabout this guyDavid C Frier,RIMS-CRMP,CISM,CISSP,CRISC,CCSKvCISO and Senior Cybersecurity Program Manager at

3、 Sedara.but Ibut I speak only for myself,speak only for myself,not fornot for SedaraSedara!0 x2d years into IT,0 x13 years into InfosecAvid player of poker.Orioles and Cubs fan.enthusiastic-if-slow rider of a Trek.None of the“usual”social media aside from LinkeDin,but I can be sighted in the Fediver

4、se(#checkin)about.me or wheretofind.megeekosaurussteps in vulnerability managementAsset InventoryNetwork ScopingInternal and External ScanningClassifying ResultsPrioritizing VulnerabilitiesRemediation AssignmentMeasuring&Reportingasset inventory(1/2)Identify all hardware and softwareDocument asset t

5、ypes and locationsAsset discovery toolsCMDBNmap,etc.Discovery scansasset inventory(2/2)Criticality ranking(business impact)Regular updates for accuracyEnsuring full scope for scanningnetwork scoping(1/2)Define internal/external network boundariesIdentify critical systems for scanningInclude servers,

6、endpoints,network devicesSegment your network however it makes sense for your orgStaff/team scope,or locations,or functionsnetwork scoping(2/2)Avoid unnecessary scans(non-critical assets)About end-user computersConsider network segments,subnets,firewallsMake sure your scanner can access everythingKe