Originally from David’s LinkedIn:
Chapter 3 of Tetra’s 20 for 2020 is coming at you live(ish) from Minneapolis: “Nothing is Secure Forever”.
Today we’re talking about the Center for Internet Security’s third control: continuous vulnerability management (we’ll just call it CVM). Information security, like cyber insurance, has a tendency to make things sound more complicated than they need to be. CVM just means that you have some process in place to identify new vulnerabilities that arise within your systems, to assess the potential impact of those vulnerabilities, and to remediate them as appropriate.
Your systems don’t exist in a vacuum; they won’t change unless you change them. And since the cybersecurity environment in which they exist is changing constantly, CVM is a foundational aspect of any information security program.