Intelligent CIO Europe Issue 36 | Page 84

FINAL WORD

Effective Vulnerability Management requires a team effort – Five tactical priorities for CIOs

Managing vulnerabilities should not only be the responsibility of the security team as it also requires an all-round team effort. Stephen Roostan, VP EMEA at Kenna Security, explains how CIOs and their teams should focus on five core tactical priorities.

CIOs work against the backdrop of constantly shifting priorities.

Not only must they help their organisations to grow and succeed, but they must also deal with a plethora of technology challenges with limited budgets and constant pressure to deliver. For example, protecting IT infrastructure and the enterprise stack from cyberthreats is a multifaceted issue all on its own.
But despite these responsibilities, Vulnerability Management (VM) is often quite low down on the list of CIO worries or is often viewed as something that the security team owns but passes over to the IT teams to fix. However, managing vulnerabilities is not only the responsibility of the security team, but it also requires an all-round team effort, based on cross-functional collaboration across the organisation and backed by intelligent technology tools. In particular, CIOs and their teams should rely on five core tactical priorities:
1. Don’t try to fix everything
It’s no exaggeration to say that the average enterprise will have millions of Common Vulnerabilities and Exposures (CVEs). The sheer scale of the issue means that no organisation, no matter how well-determined or effective in its approach, can possibly deal with them all. Fortunately, not every vulnerability poses a specific risk to data, digital assets or the organisation in general, so many of them don’t need to be actively addressed.
In practical terms, less than 5% of all CVEs pose a legitimate risk in that they are both observed within organisations and known to be exploited by ‘bad actors’. The problem is that many IT and security