Vulnerability Management

As old as the threat of danger itself, vulnerability management (VM) has been the responsibility of leaders in every human organization, from tribes and fiefdoms right up through modern multinationals. Today, the focus of vulnerability management is still on infrastructure, but as knowledge is power and the lifeblood of any organization is its capacity for quick system-wide response, current emphasis needs to be placed on maintaining the integrity of IT applications, so critical to the real and the virtual infrastructure and productivity of any community or business entity.

Written by international security consultant Park Foreman, Vulnerability Management demonstrates a proactive approach. Illustrated with examples drawn from more than two decades of multinational experience, Foreman demonstrates how much easier it is to manage potential weaknesses, than to clean up after a violation. Covering the diverse realms that chief officers need to know and the specifics applicable to singular areas of departmental responsibility, he provides both the strategic vision and action steps needed to prevent the exploitation of IT security gaps, especially those that are inherent in a larger organization. Providing a fundamental understanding of technology risks from an interloper’s perspective, this efficiently organized work:

• Offers the guidance you need to develop and personalize your own VM management program
• Goes far beyond the obvious to cover those areas often neglected, as well as those that are actually less secure than they might appear
• Demonstrates a host of proven methods to assess and reduce the potential for exploitation from within and without
• Provides detailed checklists used by the author

Throughout history, the best leaders not only responded to manifested threats but anticipated and prepared for potential ones that might overtly or insidiously compromise infrastructure and the capacity for productivity. Great vulnerability management is often hard to quantify, as the best measure of its success is that which never happens.

About the Author

Park Foreman is the global information security director at GroupM. He has worked in information technology for more than 20 years and is an expert in information security strategy and process. As a consultant, he has helped financial and telecommunications companies achieve a variety of security objectives. He has worked for the past eight years designing, implementing, and managing security architectures for Fortune 100 companies. He started in IT in 1976 as a self-taught single-board computer designer for coding systems translation, and worked his way through college as a programmer, completing a thesis in operating systems security models in 1986. During his career, he spent 10 years in systems development and architecture working as a programmer and systems analyst/architect, and then went to Bell Laboratories to manage application development for network provisioning systems. While specializing in security architecture and operations, Park has worked in some of the largest security operations centers in the world, including AT&T as Security Center of Excellence. He has published articles forInternet Protect and the ISSA Journal .He is an author of articles on a variety of information security topics and consults with security groups globally.