How to Show Business Benefit by Moving to Risk-Based Vulnerability Management

Vulnerability assessment has been a security requirement for every major regulatory agency over the last 15 years. Yet, time and again, after-incident reports reveal that costly breaches, causing millions of dollars in damage, are a result of known vulnerabilities that went unpatched due to a lack of connection to business criticality.

In this whitepaper, written by SANS security expert John Pescatore, you’ll learn how to avoid this “lack of context” trap by adopting a risk-based approach to vulnerability management. Reading this paper will help you answer several key security questions, including:

  • How do I measure the business risk underlying any given vulnerability?
  • What concrete steps can I take to migrate to a risk-based VM program?
  • Which questions and selection criteria should I consider when evaluating technology products and vendors?

