Abstract
Notes
1. DHS reported that in FY 2007, there were 12,986 incidents reported by agencies (OMB 2008).
2. Some ideas for metrics within the vulnerability management process can be found in Global Technology Audit Guide (GTAG) 6: Managing and Auditing IT Vulnerabilities (Romanosky et al. 2006) as well as in NIST SP 800-40 (Mell et al., 2005).
3. The CERT Resiliency Engineering Framework (REF) is an effort to provide guidance to organizations looking to mature and improve the processes they use to ensure operational resiliency. The process improvement framework provided in CERT REF more fully expands on the interdependencies between the vulnerability management process and other enterprise capabilities, such as information security risk management. The framework applies structured process engineering principles to an enterprise's security and business continuity activities, with the goal of ensuring optimum resource application and maximizing the investments that an organization makes in managing operational risk. For more information about the CERT Resiliency Engineering Framework, visit http://www.cert.org/resiliency_engineering/
URLs are valid as of the date of publication of this document.