
A CISO Guide to Cyber Resilience

Vulnerability prioritization is the only way to properly deal with the enormous number of vulnerabilities that are published on a daily basis. Just because a CVE is rated as a 10 doesn’t necessarily mean that it is the highest priority to remediate at your company. I know this seems counter-intuitive, but there are several factors you need to take into account when prioritizing vulnerabilities:
CISA created the Known Exploited Vulnerabilities (KEV) catalog, which is invaluable when deciding which vulnerabilities to patch and by when. Essentially, when it's discovered that hackers are exploiting a specific vulnerability, CISA adds it to the catalog with a due date. As you can see in Figure 8.3, each catalog entry has the CVE ID, vendor, description, action to take, and due date. The due date is critical and needs...
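The following is an added example, not taken from the book: it ranks scanner findings so that KEV-listed CVEs come first, ordered by due date, with CVSS used only as a tie-breaker. The field names `cveID`, `vendorProject`, `requiredAction` and `dueDate` follow CISA's KEV JSON feed; the CVE IDs, dates, assets and the ordering policy itself are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (placeholder IDs and dates).
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2024-03-01"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
   "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2024-03-20"}
]}
""")

# Constructed scanner findings: (CVE ID, CVSS base score, affected asset).
FINDINGS = [
    ("CVE-0000-0003", 10.0, "intranet-wiki"),
    ("CVE-0000-0001", 7.5, "vpn-gateway"),
    ("CVE-0000-0002", 8.8, "mail-server"),
    ("CVE-0000-0004", 5.3, "build-agent"),
]

def prioritize(findings, kev, today):
    """Rank findings: KEV-listed first (earliest due date first), then by CVSS."""
    due = {v["cveID"]: date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    ranked = []
    for cve, cvss, asset in findings:
        d = due.get(cve)  # None when the CVE is not in the catalog
        ranked.append({
            "cve": cve, "asset": asset, "cvss": cvss,
            "kev": d is not None,
            "due": d,
            "overdue": d is not None and d < today,
        })
    # Sort key: KEV entries before non-KEV, nearest due date, highest CVSS.
    ranked.sort(key=lambda r: (not r["kev"], r["due"] or date.max, -r["cvss"]))
    return ranked

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, date(2024, 3, 10)):
        flag = "OVERDUE" if r["overdue"] else ("KEV" if r["kev"] else "-")
        print(f'{r["cve"]}  cvss={r["cvss"]:<4}  due={r["due"]}  {flag}  {r["asset"]}')
```

The CVSS 10.0 finding lands third here because it is not in the catalog, while the 7.5 finding with a passed due date is ranked first.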