10 The Human Element in Vulnerability Management

It should be evident by this point in the book that vulnerability management is quite complex. Several tools, techniques, and processes can be used to reduce complexity and automate where possible. However, the same difficulties still exist, and organizations with a massive backlog of vulnerabilities must consider alternatives. In the cybersecurity space, the human element has come to the forefront as the way forward to enhance cyber programs and reduce risks in the enterprise.

This chapter discusses the psychological components that should be incorporated into a modern vulnerability management program (VMP). This program includes the discipline of human factors, security engineering methods, as well as cognition and perception. Each piece of the human experience impacts how vulnerabilities are identified, prioritized, and ultimately resolved.

Many legacy vulnerability management documents and guidance, however, don't speak to the human aspect of vulnerability management programs. Each person, whether they are a system owner, IT professional, systems engineer, security analyst, or technical manager, has a unique experience to bring to the table. Incorporating the human element in vulnerability management includes the way that individuals process information, make decisions, and ultimately are responsible for aspects of the VMP.

This chapter covers how organizations can build better VMPs by understanding how their users as well ...

Get Effective Vulnerability Management now with the O’Reilly learning platform.
