Management
Version: 1.0
Issue date: 11/10/17
Project Plan
Client: Organization A
Version: V1.0
Distribution: N/A
<Title / Name>N/A.
Document title: Project Plan Project name: Vulnerability
Management
Version: 1.0
Issue date: 11/10/17
Amendment History
Version  Issue Date  Changes
V1.0     11/10/2017  Initial version.
Table of Contents
1 INTRODUCTION
1.1 VULNERABILITY MANAGEMENT AND ITS IMPORTANCE
2 SCOPE OF THE PROJECT
2.1 MAINTAINING AN ASSET INVENTORY
2.2 ASSESSING RISK LEVEL OF ASSETS AND VULNERABILITIES
2.3 PERFORMING VULNERABILITY ASSESSMENTS
2.4 TRACKING REMEDIATION AND REPORT STATUS
3 SCANNER SELECTION PROCESS
4 ROLES AND RESPONSIBILITIES
5 COMMUNICATIONS PLAN
6 Step-by-Step process
1 Introduction
The only way to properly secure a system is to first assess the existing vulnerabilities on
each machine, determine the degree of risk for each machine's vulnerability, and then
remediate (fix) the vulnerabilities. Vulnerability management provides a holistic solution
to security threats by handling vulnerabilities throughout the entire lifecycle. Lifecycle
includes
Best practices:
- Establish a single point of authority for the inventory.
- Get the word out! If the process is being improved or is completely new, end users
  and support staff will need to know who to notify when something changes.
- Update inventory management systems via change management processes.
- Use an asset numbering scheme and use consistent abbreviations and notations
  when entering data.
- Validate the inventory annually.
vulnerability. For the smaller organization, this data can be fairly easy to collect and
document.
Best Practices:
- Checklists to help with predictable risk.
- Defense-in-Depth approach.
- Test new checks in a lab to recognize any false positives, false negatives,
  and potential administration disturbances.
5 Communications Plan
To be developed.
6 Step-by-Step process
address can take between a few minutes and a few hours. If it is unclear how
long a certain scan could last, it is recommended to perform a test scan on a
similar test environment. This will provide an estimate of how long these scans will
take and of their impact on the network.