Project 3: Ongoing Assessments of Attack Surfaces
After completing a risk assessment and threat modeling, you have a prioritized list of actions that need to be taken. However, new vulnerability reports are released every day, and organizations need to stay abreast of the latest threats to their environment.
The easiest way to accomplish this is by performing ongoing vulnerability assessments of external, internal, and web-based applications. Not only does this provide you with a roadmap for mitigation; it also provides metrics that are useful for showing progress and return on investment.
These assessments are usually performed by a third-party vendor that possesses the proper tools and skill set to effectively evaluate your network.
Assessment activities should include vulnerability assessments, penetration tests, and application assessments. Be certain that the assessment reports contain detailed mitigation strategies.
If the vendor is only telling you what the problem is, but not how to fix it, you're not getting a return on your investment.