Security is a process
Remedies are part of vulnerability management. Recognition must thus lead to a process that will eliminate detected weaknesses. Any vulnerability management process should answer three questions:
- Who gets which information about vulnerabilities and when?
- Who is responsible for what?
- What remedies are available?
Vulnerability in an on-line Web server is riskier than in an off-line system with telephone access.
Damage to machinery used in manufacturing is usually a lot more expensive to repair than damage to a Web server used for image films.
That’s why setting priorities is so important.