CySA+ study area.

Adventures in Cybersecurity: Chapter 3.

Vulnerability management, baselines, patching, hardening, and risk handling.

Notes beat mystery

Notes

Study material that needed a place to live.

Present me looking out for future me. Future me loses handwritten notes.

Vulnerability assessment

Vulnerability management works through a formal process called vulnerability assessment and ties directly into risk management. Asset criticality matters because not every system fails with the same blast radius.

Scanner outcomes

  • False positive: scanner finds a vulnerability that does not exist.
  • True positive: scanner correctly identifies a vulnerability.
  • False negative: scanner misses a vulnerability that exists.
  • True negative: scanner correctly determines a vulnerability does not exist.
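Worked example, added here and not part of the original notes: the four outcomes above are really a confusion matrix, so the clearest way to see them is to score a scanner's findings against a hand-verified ground truth. The hosts, check names and results below are constructed placeholders, not real scanner output.

```python
# Added example: classify scanner findings against verified ground truth
# into true/false positives and negatives, then derive precision and recall.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample data (placeholders, not real plugin IDs or hosts).
# CHECKS is every check the scanner ran on every host.
CHECKS: Set[str] = {"ssh-weak-mac", "tls-1.0", "smb-signing-off", "apache-outdated"}

# What the scanner reported per host.
SCANNER: Dict[str, Set[str]] = {
    "web01": {"tls-1.0", "apache-outdated"},
    "file01": {"smb-signing-off", "ssh-weak-mac"},
    "db01": set(),
}

# What a manual review confirmed is actually present per host.
VERIFIED: Dict[str, Set[str]] = {
    "web01": {"tls-1.0"},  # apache-outdated was a backported fix: false positive
    "file01": {"smb-signing-off", "ssh-weak-mac", "tls-1.0"},  # tls-1.0 missed: false negative
    "db01": set(),
}

Finding = Tuple[str, str]  # (host, check)


@dataclass
class Outcomes:
    true_positive: List[Finding] = field(default_factory=list)
    false_positive: List[Finding] = field(default_factory=list)
    false_negative: List[Finding] = field(default_factory=list)
    true_negative: List[Finding] = field(default_factory=list)

    def precision(self) -> float:
        # Of everything the scanner reported, how much was real?
        reported = len(self.true_positive) + len(self.false_positive)
        return len(self.true_positive) / reported if reported else 0.0

    def recall(self) -> float:
        # Of everything actually present, how much did the scanner catch?
        present = len(self.true_positive) + len(self.false_negative)
        return len(self.true_positive) / present if present else 0.0


def classify(scanner: Dict[str, Set[str]],
             verified: Dict[str, Set[str]],
             checks: Set[str]) -> Outcomes:
    """Bucket every (host, check) pair into one of the four scanner outcomes."""
    out = Outcomes()
    for host in sorted(set(scanner) | set(verified)):
        reported = scanner.get(host, set())
        actual = verified.get(host, set())
        for check in sorted(checks):
            pair = (host, check)
            if check in reported and check in actual:
                out.true_positive.append(pair)
            elif check in reported:
                out.false_positive.append(pair)
            elif check in actual:
                out.false_negative.append(pair)
            else:
                out.true_negative.append(pair)
    return out


if __name__ == "__main__":
    o = classify(SCANNER, VERIFIED, CHECKS)
    print("TP", len(o.true_positive), "FP", len(o.false_positive),
          "FN", len(o.false_negative), "TN", len(o.true_negative))
    print("precision", o.precision(), "recall", o.recall())
    print("missed (false negatives):", o.false_negative)
```

The false-negative list is the one to watch: a false positive costs analyst time, but a false negative leaves a real weakness unrecorded, which is why an unauthenticated scan is usually paired with a second source such as an authenticated scan or agent inventory.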

Patch lifecycle

  1. Determine priority and schedule deployment.
  2. Test the patches.
  3. Ensure the patches work properly.
  4. Deploy to the live environment.
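Worked example, added here and not from the original notes: a small model of the four lifecycle steps above, where step 1 ranks patch tasks by severity weighted by asset criticality (the "blast radius" point from the assessment section) and steps 2 to 4 are enforced as stages that cannot be skipped. The hosts, criticality tiers, patch IDs and severity scores are constructed for the example.

```python
# Added example: prioritise patch tasks by severity x asset criticality, then
# gate each task through test -> verify -> deploy so nothing skips a step.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Stage(Enum):
    SCHEDULED = 1  # step 1: priority determined, deployment scheduled
    TESTED = 2     # step 2: patch tested in a non-production copy
    VERIFIED = 3   # step 3: patch confirmed to work properly
    DEPLOYED = 4   # step 4: pushed to the live environment


# Constructed asset criticality tiers (1 = low impact, 4 = business critical).
CRITICALITY: Dict[str, int] = {"db01": 4, "web01": 3, "file01": 2, "kiosk07": 1}


@dataclass
class PatchTask:
    host: str
    patch_id: str
    severity: float            # CVSS-style base score, 0 to 10 (constructed)
    exploited_in_wild: bool = False
    stage: Stage = Stage.SCHEDULED

    def priority(self) -> float:
        # Same severity on a more critical asset ranks higher; known active
        # exploitation bumps the score further.
        score = self.severity * CRITICALITY.get(self.host, 1)
        if self.exploited_in_wild:
            score *= 1.5
        return score

    def advance(self, to: Stage) -> None:
        # Only the next stage is allowed: no deploying an untested patch.
        if to.value != self.stage.value + 1:
            raise ValueError(f"{self.patch_id} on {self.host}: cannot move "
                             f"from {self.stage.name} to {to.name}")
        self.stage = to


def build_sample_tasks() -> List[PatchTask]:
    """Constructed backlog; patch IDs are placeholders."""
    return [
        PatchTask("kiosk07", "PATCH-A", severity=9.8),
        PatchTask("db01", "PATCH-B", severity=7.5),
        PatchTask("web01", "PATCH-C", severity=6.5, exploited_in_wild=True),
        PatchTask("file01", "PATCH-D", severity=5.0),
    ]


def schedule(tasks: List[PatchTask]) -> List[PatchTask]:
    """Step 1: order the backlog by priority, highest first."""
    return sorted(tasks, key=lambda t: t.priority(), reverse=True)


def run_lifecycle(task: PatchTask, test_passed: bool) -> Stage:
    """Steps 2 to 4: test, verify, deploy; a failed test stops the task at TESTED."""
    task.advance(Stage.TESTED)
    if not test_passed:
        return task.stage
    task.advance(Stage.VERIFIED)
    task.advance(Stage.DEPLOYED)
    return task.stage


if __name__ == "__main__":
    for t in schedule(build_sample_tasks()):
        print(f"{t.priority():6.2f}  {t.host:8} {t.patch_id} sev={t.severity}")
```

Note the ordering this produces: a 9.8 on a low-value kiosk lands below a 5.0 on a file server, which is exactly what weighting by asset criticality is meant to do.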

Risk handling

  • Transfer: pass the risk to a third party.
  • Mitigate: reduce risk to an acceptable level.
  • Avoid: terminate the risky activity or choose another path.
  • Accept: understand the risk and live with it intentionally.

Chapters

Keep moving.

The chapters are connected. So are most problems once you pull enough thread.