Scan or Manage: Threats and Vulnerabilities


You buy a service from a vulnerability scanning company, check-off the box about managing Internet threats and vulnerabilities, and satisfy demands from auditors to implement a vulnerability management program, right?

Think again: this is exactly what 7-in-10 others are doing – and it’s not working!

It’s not working because:
– Minimum service levels and maximum acceptable risks remain undefined
– Less than half of the procedures to find vulnerabilities and threats are automated
– Less than on-third of the procedures to fix vulnerabilities are fully automated
– Many critical production systems remain uncovered
– Critical fixes and patches are mired by weeks-to-months long delays

When compared with peers and best performers, the impacts include: more difficulty with audits, more business downtime, higher theft and loss of sensitive information, and preventable damage to the brand and reputation of the organization.

The Assessments@ITPolicyCompliance enable you to determine how your practices for managing vulnerabilities and threats in IT compare with your industry, your peers and best performing organizations.

Visit: to find out more

The practices covered by the Vulnerability and Threat Management self-assessment include the percentage of IT assets that:

• Have antivirus updates consistently applied
• Are subject to vulnerability testing
• Are subject to penetration testing
• Are consistently patched and documented
• Have configuration settings and permissions consistently updated

In addition, the assessment is specific to your automation levels, days elapsed between vulnerability tests, revenue or agency budget, industry and locality.

Visit: to find out more

The intuitive risk-index of the Assessments@ITPolicyCompliance enables you to quickly identify changes to existing practices that will:
• Increase the value delivered by IT
• Reduce business downtime
• Reduce data loss or theft
• Reduce the time and money spent to pass and sustain audits

Who should be interested:
– managers in IT security and operations, audit, risk, and compliance

Time to value:
– minutes

Benchmark universe:
– more than 4,000 other organizations

Additional reading:

Why Automating Vulnerability Management Pays

Automation, Practice and Policy in Information Security for Better Outcomes


Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: