Focus First on Assets That Keep The Business Running
- A dialog with business stakeholders is important because vulnerability-management systems don’t understand the context of how assets are being used. Solutions that have a prioritization model and support business criticality of assets is needed.
- By getting business stakeholders involved in vulnerability discussions in business terms they understand, they can help drive remediation and advocate for additional resources needed to address a vulnerability.
“Regardless of vulnerabilities, start figuring out what is really important to the business. What really are the key assets that keep the company going, operationally and financially?”
The main reason for vulnerability management is that it’s not possible to remediate all the vulnerabilities for all the assets in an enterprise completely. It’s necessary to prioritize, yet for many companies, just knowing what assets they actually have can be a daunting task. Juan Morales, senior director of cybersecurity at residential real estate services company Realogy, recommends starting out by asking how you identify your critical assets. “Regardless of vulnerabilities, start figuring out what is really important to the business,” says Morales. “What is most impactful should it be exploited? What really are the key assets that keep the company going, operationally and financially?”