If you say the words “vulnerability management” to most people, they’ll likely scratch their heads and look puzzled, even though it is a large part of information security. In the digital age, though, vulnerability management is absolutely vital to keeping data secure for an organization of any type or size. New threats to data security are emerging all the time as technology continues to develop, and it’s essential that people understand the importance of keeping their data secure. The term “vulnerability management” might seem intimidating, but the concepts behind it really are quite simple. Here’s how to explain vulnerability management to a nine-year old.
Any nine-year old can understand that unless he has a lock on his school locker, somebody could break into it and steal his belongings. By analogy, storage systems, the data, data security, and vulnerabilities could be represented as follows: The locker is the storage system, the student’s belongings are the actual data, the lock on the locker is the data security, and any weaknesses in the lock that could possibly allow people to break into the locker are the vulnerabilities. The process of vulnerability management could then be likened to making sure the lock on the school locker is doing its job given the threats that exist or could exist, and that the lock can continue to do its job.
Likewise, the concept of fire drills can be used to describe to a nine-year old another crucial aspect of vulnerability management. If a fire alarm goes off while students are in school, they go outside for a period of time. Most schools hold regular fire drills so that students can grow accustomed to getting out of the building in a calm and orderly fashion in the event of an actual fire. Fire drills can be likened to vulnerability management in that remediation is of utmost importance on discovering a vulnerability. If a vulnerability isn’t fixed when it’s found, then it constitutes a breach of diligence. Likewise, it’s a breach of diligence for schools not to have plans in place — such as fire drills — in case of emergencies.
There are many aspects to effective, ongoing vulnerability management. Security analysis and remediation methodology can be quite complex, since threats to data integrity are often complex. Vulnerability management is, though, at its core, so simple that a nine-year old can understand the basic concepts. Essentially, vulnerability management requires that analysts maintain a continually tight lock on organizational data and that they develop and keep current actionable emergency plans to deal with ongoing and emergent threats to that data.