
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
August 24, 2008

Aberdeen Group confirms value of serious vulnerability management

The research shows that top performing companies estimate an impressive 91% marginal return on investment, based on a comparison of total vulnerability-related costs avoided with the total cost of their vulnerability management activities.

Vulnerability management is a necessary function for any organisation with business operations that involve Internet-facing networks, computers and application software. With an average of over 120 new threats and vulnerabilities emerging every week, it must be accepted as essential.

Efficiency and cost-effectiveness

Aberdeen’s research confirms that the best results are achieved by making vulnerability management as efficient and cost-effective as possible:

  • not all vulnerabilities and threats need to be identified and tracked, just those that are relevant to the organisation’s IT assets
  • not all vulnerabilities and threats have to be addressed with the same degree of urgency – prioritisation should be determined based on the level of risk and the business value of the IT assets in question
  • not all remediation needs to be based on deployment of software patches or configuration updates (although these processes should be automated to a much higher degree than that currently indicated by the research)
  • compensating controls can also be considered in circumstances other than those where no patches or updates are available

Reduce the costs involved with threats

“Aberdeen’s research confirms that improving capabilities in assessing, prioritising and remediating threats and vulnerabilities pays off in two ways,” said Derek Brink, vice-president and research fellow for IT security at Aberdeen. “First, it reduces the costs inflicted by the flood of new threats and vulnerabilities that emerge on a weekly basis. Second, it reduces the total cost of vulnerability management, which frees up precious resources to invest in more strategic IT initiatives.”

Companies should also accept that vulnerability management is a never-ending process, and that the cycle of ‘assess, prioritise, remediate’ must be continuously repeated. Through better security governance (allocation of limited IT resources) and risk management (prioritisation based on business value and the organisation’s appetite for risk), Best-in-Class performance in vulnerability management frees up limited IT resources to invest in projects more directly tied to the ‘rewarded risks’ of innovation and strategic growth.

“The Aberdeen report confirms that critical tasks such as vulnerability assessment, patch management and configuration management continue to be complex and time-consuming,” said Mark Shavlik, CEO at Shavlik Technologies. “Essentially, if security management is too difficult and resource-intensive, it doesn’t ‘happen’ and, therefore, the organisation is ultimately putting its network at risk. Leading organisations understand that there’s value in investing in technologies to automate these complicated and resource-intensive tasks.”

About the Aberdeen Group

A Harte-Hanks company, Aberdeen is a leading provider of fact-based research and market intelligence. Having benchmarked more than 30,000 companies in the past two years, Aberdeen is uniquely positioned to educate users to action: driving market awareness, creating demand, enabling sales and delivering meaningful return-on-investment analysis.
