An infrastructure vulnerability management (IVM) team has many responsibilities, but the following are the core ones on which there can be no compromise:
1. Asset coverage ->
Vulnerability scanning should cover as many assets as possible
2. Vulnerability coverage ->
Ensure as many vulnerabilities as possible are detected (hint: authenticated scans and fine-tuned scan options/profiles; an unauthenticated scan sees only what the network exposes)
3. Prioritization ->
Enrich vulnerability data with threat intel and asset context (not every vulnerability needs to be remediated; a CVSS score alone says nothing about exploitation in the wild or about what the affected asset does)
4. Ensuring that reports reach all the relevant stakeholders ->
If platform teams do not get the reports, they cannot act
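Points 1 and 3 above are the ones that are easiest to get wrong in practice, so here is an added example (not part of the original post) of what "enrich with threat intel and asset context" looks like in code. It ranks constructed scanner findings by combining the scanner's CVSS score with asset criticality and internet exposure from an inventory, an "exploited in the wild" list and an exploitation-probability score from a threat-intel feed, then assigns an action. The CVE identifiers, hostnames, scores and weights are all placeholders chosen for illustration; the weighting scheme is an assumption, not a standard, and an asset missing from the inventory is flagged rather than silently scored, since that is an asset-coverage gap.

```python
"""Risk-based prioritization of vulnerability findings.

Added example; all data is constructed. CVE identifiers of the form
CVE-0000-000N are placeholders, not real vulnerabilities.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str      # hostname as reported by the scanner
    cve: str        # placeholder identifier
    cvss: float     # base score reported by the scanner


# Constructed scanner output.
FINDINGS = [
    Finding("web-01", "CVE-0000-0001", 7.5),
    Finding("lab-07", "CVE-0000-0002", 9.8),
    Finding("db-02", "CVE-0000-0003", 8.1),
    Finding("host-unknown", "CVE-0000-0002", 9.8),   # not in the inventory
    Finding("print-05", "CVE-0000-0004", 5.3),
]

# Constructed asset context; in practice this comes from the CMDB / inventory.
ASSETS = {
    "web-01":   {"criticality": "high", "internet_facing": True},
    "lab-07":   {"criticality": "low",  "internet_facing": False},
    "db-02":    {"criticality": "high", "internet_facing": False},
    "print-05": {"criticality": "low",  "internet_facing": False},
}

# Constructed threat intel: ids seen exploited in the wild, and an estimated
# probability of exploitation (0..1) per id, as a feed such as EPSS would give.
KNOWN_EXPLOITED = {"CVE-0000-0001"}
EXPLOIT_PROB = {
    "CVE-0000-0001": 0.9,
    "CVE-0000-0002": 0.02,
    "CVE-0000-0003": 0.4,
    "CVE-0000-0004": 0.01,
}

# Assumed weights; tune these against your own environment.
CRITICALITY_WEIGHT = {"low": 1.0, "medium": 1.5, "high": 2.0}
DEFAULT_CONTEXT = {"criticality": "medium", "internet_facing": False}


def risk_score(finding, assets, known_exploited, exploit_prob):
    """Combine CVSS with asset context and threat intel into one number."""
    ctx = assets.get(finding.asset, DEFAULT_CONTEXT)
    score = finding.cvss * CRITICALITY_WEIGHT[ctx["criticality"]]
    if ctx["internet_facing"]:
        score *= 1.5                       # reachable from outside
    if finding.cve in known_exploited:
        score += 10.0                      # active exploitation dominates
    score += 5.0 * exploit_prob.get(finding.cve, 0.0)
    return round(score, 2)


def action_for(score, exploited):
    """Map a score to a decision; 'track' means accept for now and re-check."""
    if exploited:
        return "remediate now"
    if score >= 15:
        return "remediate this cycle"
    if score >= 8:
        return "schedule"
    return "track"


def prioritize(findings, assets=ASSETS, known_exploited=KNOWN_EXPLOITED,
               exploit_prob=EXPLOIT_PROB):
    """Return findings as dicts, highest risk first, with an action each."""
    rows = []
    for f in findings:
        exploited = f.cve in known_exploited
        score = risk_score(f, assets, known_exploited, exploit_prob)
        rows.append({
            "asset": f.asset, "cve": f.cve, "cvss": f.cvss, "score": score,
            "exploited_in_wild": exploited,
            "asset_known": f.asset in assets,   # False = inventory gap
            "action": action_for(score, exploited),
        })
    rows.sort(key=lambda r: (-r["score"], r["asset"]))
    return rows


if __name__ == "__main__":
    for r in prioritize(FINDINGS):
        flag = "" if r["asset_known"] else "  (asset not in inventory: check coverage)"
        print(f'{r["score"]:6.2f}  {r["asset"]:<13} {r["cve"]}  '
              f'cvss={r["cvss"]}  {r["action"]}{flag}')
```

Note what the ranking does that a raw CVSS sort does not: the CVSS 7.5 finding on the internet-facing, exploited-in-the-wild web server lands at the top, while the CVSS 9.8 finding on an internal lab box is only scheduled, and the low-severity printer finding is tracked rather than remediated. The unknown host still gets a score under a default context, but the `asset_known` flag is what should feed back into the asset-coverage work.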
Now, why did I bring this up? In MNCs, higher management will try to put you under pressure by asking you to prepare various decks, despite the dashboards already present in the tool itself. Reporting consumes a lot of time, especially when different people in higher management need different reports for the same dataset.
Now, it is your responsibility to balance the pressure. Try to contribute as much as possible but remember there is a threshold. Whenever you observe that your core responsibilities have started lagging, clearly say 'NO' to such asks.
Yes, you heard me right. The IVM team's runbook is like a constitution. Different people will reach out to you with different asks, but we have to abide by the runbook agreed with the client.
Remember, vulnerability management is NOT about playing with numbers; its intent is to reduce the cybersecurity risk of an environment. I understand the commercial aspect of running a business/service, but we cannot compromise on our core responsibilities.
In case of doubt, ask yourself: would you want to be held responsible in case of a breach/cyberattack? If the answer is 'No', then there should be no compromise/negligence in your core responsibilities.
#VulnerabilityManagement #Cybersecurity