How often should you perform enterprise vulnerability assessments?
The similarities between “baking” and “security” may not be apparent at first glance. Some ingredients that go into both aren’t immediately identifiable in the finished product. As the famous InfoSec saying goes, you can bake a cake without sugar and no one will notice, until they actually try it.
The same goes for IT security applied as an afterthought. A vulnerability assessment will help your enterprise understand where security is a missing key ingredient and how to refactor your applications and infrastructure to address it. To fully assess your IT infrastructure’s vulnerabilities and gaps, and to know where security is baked in and where it has become an afterthought, start with these steps:
- Understanding your business processes
- Identifying the applications and programs that map to these business processes
- Identifying all devices being used to access sensitive enterprise data
- Running vulnerability scans across infrastructure, applications, and devices
This sequence will help you identify security gaps and allow you to address them, but only for that point in time. As time goes on, things change and new gaps and vulnerabilities develop. As a result, some organizations run vulnerability assessments periodically, such as once per quarter or even once per year. This may be due to cost concerns or performance impact. However, to be truly protected, assessments should be performed continuously and holistically. Security automation can help your enterprise stay protected, both cost-effectively and efficiently.
Read the entire article, “How often should you perform enterprise vulnerability assessments?”, via the fine folks at HP Enterprise.