TABLE OF CONTENTS This book is not your typical information technology (IT) security book. Even though the authors of this book have technical backgrounds and have worked on such best-selling titles as Syngress Hack Proofing Your Network, this book integrates the technical aspects of vulnerability management into the management of your business. Although it is important to be up on all the latest hacking methods, this knowledge is valuable only if you can tie the threats imposed by hackers to the risks these threats pose to your organization. This book will give you the tools to do just that.
Specifically, this chapter will address vulnerabilities and why they are important. We will also discuss a concept known as Windows of Vulnerability, and we will talk about how to determine the risk a given vulnerability poses to your environment.
So, what are vulnerabilities? In the past, many people considered a vulnerability to be a software or hardware bug that a malicious individual could exploit. Over the years, however, the definition of vulnerability has evolved into a software or hardware bug or misconfiguration that a malicious individual can exploit. Patch management, configuration management, and security management all evolved from single disciplines, often competing with each other, into one IT problem known today as vulnerability management.
| Note | Throughout this book, we will reference vulnerabilities by their CVE numbers. CVE stands for Common Vulnerabilities and Exposures, and a list of CVE numbers was created several years ago to help standardize... |
