Security News > 2020 > September > Cybersecurity: How to properly perform vulnerability assessments in your organization
Instead of waiting to become a victim and reacting to it, a more proactive approach is to regularly perform vulnerability assessments of the devices and services on your network to obtain reports on what issues are found, their degree of severity, and what steps must be taken to correct these vulnerabilities.
Moving forward with critical assessments will come after all device data has been obtained using a mix of general-purpose vulnerability assessment tools and specialized ones, as needed.
No two assessments are alike, so what tools are used, how they're configured, and how the assessment process is carried out will vary greatly on a number of internal and external factors.
With the assessments complete and verified, and reports generated, stakeholders should reconvene to perform risk assessments of devices with vulnerabilities to determine how to proceed with correcting issues, understanding the risk and choosing to leave affected device(s) as-is, immediately discontinuing use of devices and services, or implementing third-party solutions to replace existing ones.
Depending on the needs of the company and corporate policies, including regulation requirements, it is highly advisable for an ongoing strategy to be implemented that will conduct regularly scheduled assessments of the security posture to determine not only where issues may exist, but how they are to be corrected in the future.