Where do you stand?
There are differences between each of the high-profile hacks you’ve seen in recent headlines, but there are also a few consistent characteristics of the modern breach. Inevitably, we discover known software vulnerabilities were left unpatched, networks were exposed and critical assets were open to attack. This pattern is repeating itself because – across industries and sectors – threat and vulnerability management (TVM) programs are operating far below their potential, and many leaders don’t know how to take their programs to “the next level.” That’s why we created the five-level Threat and Vulnerability Management Maturity Model. It’s a significant departure from the popular approach to vulnerability management. In fact, today’s typical TVM program will be somewhere around level one or two in this Maturity Model. I am confident that by moving through this model, organizations will simultaneously
1) reduce risk exposure and the likelihood of a breach
2) gain ongoing visibility into true business risk, improving future decision-making
3) align IT, information security, and the rest of the organization in the direction of strategic business goals and
4) significantly increase operational efficiency. It’s not merely an ideal model from a security perspective; it’s a no-brainer for the business. This is not a product, and it's not something we're selling. It's a free resource we've created for the security community. So take a look and let me know what you think. Can you easily identify where your organization stands on the model, and next steps for advancing your TVM program? Looking forward to your thoughts and feedback!