Prioritization in Maturity Assessment VMMM
AND
CISv8 on IG1 Level - 07 Continuous Vulnerability Management
-
Divide vulnerabilities into 3 categories
1. Lack of patching: easy to resolve by deploying patches.
2. Vulnerabilities related to weak configuration or misconfiguration: medium effort to resolve, by implementing configuration/hardening standards. Examples of weak configuration:
- Open permissions
- Unsecured privileged access
- Errors (how they are handled)
- Insecure protocols
- Default settings
3. Vulnerabilities related to cryptography: require a cryptography policy and information about what type of data is on the hosts.
-
Prepare a list of security controls which could help mitigate the detected vulnerabilities
-
Start prioritizing vulnerabilities which are used by malware or which have a public exploit. You can also use the CVSS calculator, adding supplemental and environmental scores (CVSSv4 calculator). Example: - https://www.youtube.com/watch?v=x3wAINJF7UE - How to use CVSS
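The three steps above (bucket each finding into the patching / configuration / cryptography category, attach the control class that mitigates it, then rank by malware use or public exploit first and CVSS score second) as one small triage script. This is an added example, not part of the original notes or of the VMMM or CIS material: the keyword lists used to bucket titles, the effort ranking and the mitigation text per category are assumptions, the CVSS values are taken as already computed (for instance with the CVSSv4 calculator including environmental and supplemental metrics), and the sample findings are constructed.

```python
"""Vulnerability triage helper for the three remediation categories.

Added example (not the notes' own tooling). Assumes CVSS scores were computed
beforehand; the keyword buckets and sample findings below are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Category(Enum):
    PATCH = "lack of patching"
    CONFIG = "weak or misconfiguration"
    CRYPTO = "cryptography"


# Mitigating control class per category, following the remediation approach
# the notes name for each (wording is an assumption).
MITIGATION = {
    Category.PATCH: "deploy vendor patch (patch management process)",
    Category.CONFIG: "apply configuration/hardening standard",
    Category.CRYPTO: "apply cryptography policy; confirm data type on host",
}

# Relative remediation effort: patching easy, configuration medium, crypto needs
# policy work first (treating it as the hardest is an assumption).
EFFORT = {Category.PATCH: 1, Category.CONFIG: 2, Category.CRYPTO: 3}

# Title keywords used to bucket findings (assumption; a real scanner export
# would carry CWE ids or plugin families that make this unnecessary).
CONFIG_KEYWORDS = ("permission", "privilege", "error", "protocol", "default", "misconfig")
CRYPTO_KEYWORDS = ("tls", "ssl", "cipher", "certificate", "crypto", "hash")


@dataclass
class Finding:
    host: str
    title: str
    cvss: float                     # precomputed, environment-adjusted score
    public_exploit: bool = False
    used_by_malware: bool = False
    patch_available: bool = False


def categorize(f: Finding) -> Category:
    """Bucket a finding into one of the three categories from the notes."""
    t = f.title.lower()
    if any(k in t for k in CRYPTO_KEYWORDS):
        return Category.CRYPTO
    if any(k in t for k in CONFIG_KEYWORDS):
        return Category.CONFIG
    if f.patch_available:
        return Category.PATCH
    return Category.CONFIG          # no patch and no crypto hint: treat as hardening work


def priority_key(f: Finding):
    """Sort key: malware use or public exploit first, then higher CVSS,
    then the easier fix among equals (Python sorts ascending, so negate)."""
    exploited = f.used_by_malware or f.public_exploit
    return (not exploited, -f.cvss, EFFORT[categorize(f)])


def prioritize(findings):
    """Return the findings in the order they should be worked."""
    return sorted(findings, key=priority_key)


def remediation_plan(findings):
    """Prioritized list with the mitigating control attached to each finding."""
    plan = []
    for f in prioritize(findings):
        cat = categorize(f)
        plan.append({"host": f.host, "title": f.title, "cvss": f.cvss,
                     "category": cat.value, "control": MITIGATION[cat]})
    return plan


def count_by_category(findings):
    """How much of the backlog falls into each category (keyed by category name)."""
    return dict(Counter(categorize(f).value for f in findings))


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("web01", "Outdated OpenSSH version", 7.5, public_exploit=True, patch_available=True),
    Finding("db02", "Default admin credentials on management interface", 9.8, used_by_malware=True),
    Finding("web01", "TLS 1.0 enabled with weak cipher suites", 5.9),
    Finding("app03", "World-writable permissions on application directory", 6.1),
    Finding("app03", "Missing vendor patch for HTTP library", 8.1, patch_available=True),
]

if __name__ == "__main__":
    for row in remediation_plan(SAMPLE):
        print(f"{row['host']:6} {row['cvss']:4} {row['category']:25} {row['control']}")
    print(count_by_category(SAMPLE))
```

The two findings flagged as exploited in the wild or with a public exploit come out on top regardless of their CVSS, which is the point of the notes' ordering; within the rest, CVSS decides, and the per-category counts show where policy work (cryptography) rather than patching is the bottleneck.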