Key Program Metrics of Vulnerability Assessment

Vulnerability assessment is a process that defines, identifies, and classifies the security holes in a computer, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
Vulnerability management program addresses the inherent problem associated with vulnerable software programs. These vulnerability if not checked and fixed may be exploited anytime thus giving unauthorised access to your organizations systems and networks, theft of your organizations confidential data, Regulatory/compliance violations and so on.

Key Program Metrics 

Mean time to resolve any reported vulnerability :

The time interval taken to remediate any vulnerabilities as reported by the VA tool

Remediation time for critical vulnerabilities :
This is the remediation time for vulnerability whose active exploits exist in the market and can have severe impact on the organization if exploited

# systems & applications not scanned for vulnerabilities :
This metrics will tell you the number of systems and applications which could become the entry point for hackers and they are never scanned for any vulnerabilities inside them. This is important because scanning only critical systems is not always safe, you have to scan systems & apps which are less critical and could be exploited.

# of vulnerabilities for which no patch is available :
This allows you to identify systems and applications for which you have to take extra care of or isolate since no patch is available to fix their vulnerabilities

# exceptions granted (Vulnerabilities) :
This metrics allows you to track the vulnerabilities which you may consider to be not critical and defer its remediation for the time being. You may set rules in your scanner to overlook such vulnerabilities but you have to track them for auditing and/or future actions

Do let me know if you want us to add or modify above information.

Check out the Vulnerability Assessment (VA) market within Product comparison platform to get more information on these markets

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)