The aim of the program is not to just remediate vulnerabilities but to build resilience which can only be achieved with FnCyber vulnerability management solution mandates a strategy and advocates complete review of all the policies pertaining to Asset Provisioning and Deprovisioning, Change Control, Configurations and Exceptions. Thus, creating a repeatable lifecycle with identification, evaluation of vulnerabilities; establish priorities and remediate both internal and external vulnerabilities based on effort and risk. Upon maturity, the program transforms into Preventive Maintenance promoting Cybersecurity right from the Systems Design phase via Service Asset Configuration Management Baselines.
FnCyber’s Vulnerability Management takes a schematic approach; a schema with discovery, evaluation of assets and network configurations which reveal a great deal of technology landscape; when combined with risk rating along with the worth of business revenue being processed by the assets; categorizes inventory into critical / non-critical and approved / unapproved. Guided by the Principles of Security in Design and Configurations, inventory categories are reviewed with business and service owners to draft FnCyber Preventive Maintenance Charter which cures system vulnerabilities even before discovered by any vulnerability scanner.
The Program takes into account a Patch Management Policy derived with a mandate on Testing & Release of patches, Configuration versions, Backup & Restore and Auditability of Change Tasks. The status of vulnerabilities and preventive maintenance are constantly communicated to the respective business owners to ensure seamless remediation with minimum or no service disruption. Depending upon the organizations exposure to the public internet; a strategy needs to be devised explicitly for both internal and external vulnerability management to adopt and exercise appropriate risk mitigation techniques.