Minor Updates: Vulnerability Management Program Pack v1.2
10/24/2024
See UPDATES for a detailed list of changes since the initial release.
In this pack, we cover:
Vulnerability Level Definitions: This document outlines vulnerability severity levels to help your company consistently evaluate and prioritize discovered issues. It also provides standard remediation SLAs as a baseline for setting remediation expectations.
Vulnerability Reporting Requirements: This document describes the minimal information needed in a vulnerability report to support evaluation and prioritization. It also includes examples of automation that can be used to report vulnerability remediation expectations to risk owners.
Vulnerability Program Preparation Checklist: This checklist provides a step-by-step guide to researching, piloting, testing, and rolling out vulnerability tracking at your company. It also discusses examples of automation for tracking vulnerability ticket health and oversight.
Vulnerability Management Process Diagram: This diagram outlines the various steps to perform when automation runs, ensuring stakeholders are well-supported and ticket health is properly managed. It aligns with the content in the Vulnerability Program Preparation Checklist.
Vulnerability Management Runbook: This runbook contains the steps outlined in the process diagram as a checklist, with a strong focus on ticket health oversight and stakeholder support.
Vulnerability Management Metrics: This document outlines common, baseline metrics for managing vulnerabilities at your company.
GitHub: https://github.com/securitytemplates/sectemplates/tree/main/vulnerability-management/v1
Updates: https://github.com/securitytemplates/sectemplates/blob/main/vulnerability-management/v1/UPDATES.md
Vulnerability Management Announcement: https://www.sectemplates.com/2024/08/announcing-the-vulnerability-management-program-pack-10.html
Comments
You can follow this conversation by subscribing to the comment feed for this post.