12 Vulnerability Management Maturity Model

This book has covered vulnerability management from asset and patch management to scoring and prioritization, all the way through threat intelligence and human factors. Each chapter of this book has laid the foundation for the development of a maturity model that organizations can implement for their vulnerability management program (VMP). All the previous information was meant to describe how to build these concepts and practices into your own VMP.

These strategies are not a one-size-fits-all solution. They are a recommended set of steps to follow to either build a VMP from scratch or determine how mature the existing VMP is, and ultimately to reach a state where vulnerability management is not a burden on a team or organization.

As you study Figure 12.1 and read through each step, ask yourself the following questions:

  1. Is this step already implemented as described?
  2. Do I consider our organization's VMP to be at full maturity with these steps?
  3. Are there any areas where we need to improve upon our own VMP?
  4. Who within my organization should I consult with about each step?
  5. What step is my team/organization at, and can we create a plan to build to the next step?

We recommend that you read each step thoroughly and reference the prior chapters as you begin building upon your own practices and identifying gaps. VMPs are not built or matured in a day but over time. Take these steps and consider how best to reach a mature VMP within your ...
