Implementation Recommendation


Mitigating Vulnerabilities

Installing Patches

Mitigating vulnerabilities should involve patch installation. Evaluating the released patches goes a long way toward assessing the vulnerabilities they address and identifying flaws in software. It also ensures that recommendations are made with sight of what the effects of a successful exploitation could be for the company. Taking these steps helps the company build a priority list of the released vulnerabilities and align them with business needs, so that it can find out which one should be accorded the highest business priority. These efforts should be coupled with a system to manage the patch. Such a system assists in evaluating the impact of the patch on its application and the resources needed to run it, reducing the need for compensating controls that would otherwise be required to limit or eradicate the risk to the business (Finifter, 2013).

The Kroger ID vulnerabilities illustrate the importance of mitigating risk. The business risks associated with the vulnerability should have been looked into and the ways in which it could have been mitigated recommended. A mitigating control such as a system configuration change, a web application firewall or intrusion prevention could then have been in place and prevented the data breach. The approach should be layered (Polydys, 2009).

Vital Updates

Businesses have been in a constant struggle to update vital applications such as supervisory control and data acquisition systems, enterprise resource planning and e-commerce systems. Because of how much data these systems process and the scale of their operational scope, having them go down for even a few hours means losses in the millions for the company. Downtime is made more complex by the criticality of these systems and the consequent lack of allowance for planned outages, and by the fact that the makers of these systems make software releases and updates so costly. Normally, such a risk is accepted at lower management levels without recognition of its impact on the business. To add insult to injury, the systems that are most critical to the business are most often the most vulnerable in terms of their software (Gilbert, 2011).

Companies fail to acknowledge the risk they have accepted by improperly addressing the vulnerabilities that bring about unplanned breaches and outages. A reliable vulnerability mitigation process evaluates the vulnerabilities regardless of the protective measures in place and recommends the appropriate techniques to mitigate them. An inventory of the systems that are critical to the business should be made. The inventory need not cover every system in the business, as that would be cumbersome; it should start with the vital systems. This will ensure protection from losses and outages (Kar, 2011).

Reviewing Vulnerabilities

Security analysts in the business, in their efforts to assess vulnerabilities, should ensure they possess accurate information on the protective measures in place. These include antivirus software, firewalls and intrusion prevention systems, among others. The measures in place become the inputs into the process of reviewing vulnerabilities. The analyst should therefore evaluate each vulnerability's impact on the organization, determine whether any protective measures are in place and recommend what actions should be taken. Mitigating vulnerabilities should be done as a lifecycle to ensure that risk stays mitigated. A vulnerability's rating changes with time: for example, when exploit code becomes accessible or is included in a malware kit, the threat measure of the vulnerability increases greatly. Reviewing vulnerabilities is therefore not enough on its own; it must be coupled with network isolation, software uninstalls or patching (Finifter, 2013).

Staying up to date with operating systems and large-scale systems can be very exhausting. Open source projects and corporate software all have vulnerabilities that can lead to data breaches and data loss. It is up to these companies to deal with these vulnerabilities and undertake adequate and reliable preventive measures. The impact of attacks can be limited by vulnerability mitigation strategies that identify the risk to the business. Where systems are undergoing an audit and cannot be updated for compliance reasons, alternative solutions may be drawn from the vulnerability mitigation strategies in place. Organizations like Kroger, and their data, are left at risk when they lack awareness of the threats posed by vulnerabilities and of the measures that could counteract those threats (Gilbert, 2011).
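The review lifecycle described in this section, as an added example that is not part of the original essay: a finding is re-rated from the scanner's base severity, the exploit-availability signals, the protective measures already in place and whether the host is on the vital-systems inventory, then mapped to patching, isolation or an uninstall. The field names, weights and thresholds are assumptions chosen for illustration, and the sample findings are constructed.

```python
from dataclasses import dataclass, field

# Assumed set of protective measures the analyst can record as inputs.
KNOWN_CONTROLS = {"antivirus", "firewall", "ips", "waf"}


@dataclass
class Finding:
    host: str
    vuln_id: str                  # placeholder label, not a real identifier
    base_score: float             # 0..10 severity reported by the scanner
    business_critical: bool       # host is on the vital-systems inventory
    exploit_public: bool = False  # exploit code has become accessible
    in_malware_kit: bool = False  # exploit included in a malware kit
    controls: set = field(default_factory=set)  # protective measures in place
    patch_available: bool = True


def threat_rating(f: Finding) -> float:
    """Re-rate a finding: the rating rises when exploit code appears or the
    host is vital, and falls for each compensating control already in place."""
    score = f.base_score
    if f.exploit_public:
        score += 2.0
    if f.in_malware_kit:
        score += 1.5
    if f.business_critical:
        score += 1.0
    score -= 0.75 * len(f.controls & KNOWN_CONTROLS)
    return max(0.0, min(10.0, round(score, 2)))  # clamp to the 0..10 scale


def recommend(f: Finding) -> str:
    """Pick the mitigation the review lifecycle should schedule."""
    r = threat_rating(f)
    if r >= 8.0:
        return "patch-now" if f.patch_available else "isolate-network"
    if r >= 5.0:
        return "patch-next-window" if f.patch_available else "uninstall-or-isolate"
    return "accept-and-monitor"


def prioritize(findings):
    """Business priority list: highest rating first, vital systems break ties."""
    ranked = sorted(findings, key=lambda f: (threat_rating(f), f.business_critical), reverse=True)
    return [(f.host, f.vuln_id, threat_rating(f), recommend(f)) for f in ranked]


if __name__ == "__main__":
    sample = [  # constructed findings
        Finding("erp-01", "VULN-A", 7.5, True, exploit_public=True, in_malware_kit=True, controls={"firewall"}, patch_available=False),
        Finding("scada-02", "VULN-B", 7.0, True, controls={"ips", "firewall", "antivirus"}),
        Finding("kiosk-07", "VULN-C", 2.5, False, exploit_public=True),
    ]
    for row in prioritize(sample):
        print(row)
```

Re-running `prioritize` whenever an exploit-availability flag or a control changes is what turns a one-off review into the lifecycle the text calls for.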

References

Finifter, M. (2013). Towards Evidence-Based Assessment of Factors Contributing to the Introduction and Detection of Software Vulnerabilities. Berkeley, CA.

Gilbert, R. (2011). Defending against malicious software. [Santa Barbara, Calif.]: University of California, Santa Barbara.

Kar, D., & Syed, M. (2011). Network security, administration, and management. Hershey, Pa.: IGI Global.

Polydys, M., & Wisseman, S. (2009). Software Assurance in Acquisition: Mitigating Risks to the Enterprise. A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing. Ft. Belvoir: Defense Technical Information Center.