Vulnerability management frameworks
1. Vulnerability management frameworks
Knowing what to watch for will make you more effective in the security world. As a cloud security professional, you’ll need to stay up-to-date on vulnerabilities and threats. In this video, you’ll learn about the specific types of organizations that work to identify, research, and classify vulnerabilities, and how those organizations share the information with the public. MITRE is a not-for-profit organization that conducts research to support government agencies in several fields, including cybersecurity. MITRE created and maintains a standard naming system for vulnerabilities called the CVE system. MITRE assigns an identifier including the letters CVE, the year, and a unique number to each vulnerability. These identifiers make it easier to share information about vulnerabilities. The National Vulnerability Database, or NVD, is a publicly accessible repository of data about known system and software vulnerabilities created and updated by the National Institute for Standards and Technology, or NIST. The NVD is updated regularly with information from researchers, vendors, and other security organizations. There are many uses for the NVD, including vulnerability management, security measurement, and compliance. The vulnerabilities in the NVD are categorized based on their unique CVE numbers. The NVD also contains information about vulnerabilities’ severity, whether fixes or patches have been created to address them, and how much potential they have to affect systems. The Open Web Application Security Project, or OWASP is a foundation that creates guidelines and frameworks for securing software. The OWASP Top Ten is a regularly updated report of critical security risks for web applications. OWASP created the Top Ten by researching common risks that make it easier for attackers to target web applications, like misconfigured security settings, or insecurely designed applications. Cloud security analysts use the Top Ten to guide their security testing efforts, minimize vulnerabilities in cloud environments, and assess risks. A lot of web application firewalls are designed to address Top Ten vulnerabilities. Now that you understand more about how vulnerabilities are classified, you’re ready to stay up-to-date on the latest updates throughout your cloud security career. Stay curious and be open to learning new things.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.