In this video, Lora Vaughn McIntosh shares the importance of reporting to the vulnerability management process. Learn about the best time to use different report types.
- [Instructor] Once you've run a vulnerability scan, you need a good way to analyze the data, and that's where reporting comes in. Without reporting, you're limited to using your scan engine's web interface to click through what could end up being thousands of vulnerabilities on thousands of systems, not ideal. Reports come in all kinds of shapes and sizes, and they depend on individual scan engines. But, all scan engines have a few basic types of reports that can be used for different purposes and audiences.
Typically, you'll find three main types of report, Executive Summary, General Summary, and Detail. Each type serves a distinct purpose for a specific audience. The simplest and highest level report is the Executive Summary Report. Like the name, this is really for your Executives, or to give non-technical people an idea of just how good or bad the company's vulnerability status is. Most of these reports have some pretty charts or graphics, and they summarize large quantities of data into easily digestible information.
- What's a vulnerability and why do they exist?
- Main sources for vulnerability data
- Prioritizing vulnerabilities
- The industry standard for vulnerability risk scoring
- How regulations can impact vulnerability management processes
- How compensating controls affect vulnerabilities
- Vetting false positives
- Confirming remediation
- Building a vulnerability management program