Section 22.215 Vulnerability Response and Remediation Flashcards
Objective 4.3 Explain various activities associated with vulnerability management (6 cards)
Vulnerability Response and Remediation
Involves strategies and actions for identifying, assessing, and addressing vulnerabilities
■ Aims to mitigate risks associated with known vulnerabilities
Vulnerability Response and Remediation
Patching
Process of applying updates to fix software, system, or application vulnerabilities
■ Patches released by software vendors
■ End users must update their software to apply security patches
Vulnerability Response and Remediation
Insurance Policy
Procuring a cybersecurity insurance policy as a risk management strategy
■ Mitigates financial losses resulting from cyber incidents (data breach, network outage, business interruption)
■ Covers mitigation, remediation, recovery costs, legal fees, public relations, and customer notification
Vulnerability Response and Remediation
Network Segmentation
Dividing a network into smaller segments to improve performance and security
■ Isolates segments from each other to prevent threat propagation
Vulnerability Response and Remediation
Compensating Controls
Alternative security measures when standard controls cannot be effectively implemented
■ Tailored to provide equivalent protection
Vulnerability Response and Remediation
Exception and Exemption
■ Exception: Temporarily relaxing or bypassing security controls or policies for operational business needs, with an understanding of associated risks
■ Exemption: A permanent waiver of security controls or policies due to specific reasons, often for legacy systems