book

Moving from Vulnerability Management to Exposure Management

Name: Moving from Vulnerability Management to Exposure Management
Author: MJ Kaufmann
ISBN: 9781098173234

by MJ Kaufmann

August 2024

Beginner to intermediate

52 pages

1h 19m

English

O'Reilly Media, Inc.

Read now

Unlock full access

1. Introducing Vulnerability Management
A Brief History of Vulnerability ManagementTracking VulnerabilitiesUnderstanding CVEsUnderstanding CVSS ScoresModern ApproachesThe Challenges of Vulnerability ManagementAlert OverflowReliance on Agent-Based or Agentless SolutionsLimited VisibilityChallenges Detecting MisconfigurationsComplexityLack of Timely Updates
2. Introducing Exposure Management
What Is Exposure Management, and Why Was It Created?Contrasting Vulnerability Management and Exposure Management Approach to AnalysisVisibilityComplexityWhat Is Continuous Threat Exposure Management? (CTEM)
3. The CTEM Framework
Understanding the Five Phases of CTEMScopingDiscoveryPrioritizationValidationMobilizationThe CTEM Tech StackTechnology for ScopingTechnology for DiscoveryTechnology for PrioritizationTechnology for ValidationTechnology for MobilizationAssembling the Pieces
4. Implementing CTEM
Strategically Defining Cybersecurity Scopes Essential Steps for Effective Scope IdentificationTailoring Cybersecurity Scopes to Your Organization’s NeedsEvaluating Your Technology Stack for Optimal CTEM IntegrationPerforming a Comprehensive Analysis of Your Current Cybersecurity StateConducting Thorough Vulnerability and Compliance AuditsMaximizing CTEM Efficiency Through Strategic IntegrationDeveloping a Strategic Plan for TransitionThe Phases of a CTEM Transition Plan Initial Planning and Assessment PhasePilot-Testing PhaseFull-Scale Implementation PhaseOptimization and Continuous Improvement PhaseManaging Organizational Change During CTEM ImplementationBuilding the Ideal Team for CTEM SuccessDefining Key Roles and ResponsibilitiesEnhancing Skills and TrainingOptimizing Team StructureEmbracing a Proactive Future
About the Author

Overview

Exposure management is a set of processes that gives enterprises the awareness to continually and consistently evaluate the visibility, accessibility, and vulnerability of their digital assets. Today's organizations must handle a broader range of exposures, including those posed by modern application development. No longer can they rely on the outdated practice of searching for known vulnerabilities.

This report helps prepare security professionals to make that shift. Topics include:

What are vulnerability management and exposure management, and how are they different?
Why technological changes in how applications are developed and deployed have outdated the vulnerability management processes that security teams have relied on for the past two decades
What is continuous threat exposure management (CTEM) and how to put a CTEM program in place?
A roadmap for implementing exposure management and a framework for measuring the resulting improvements in security maturity

MJ Kaufmann, Founder and Principal Consultant at Write Alchemist, holds a master's degree in Information Security (MSIS). With more than two decades of practical IT expertise, her experience ranges from trailblazing enterprise-level projects to ghostwriting for global tech giants and shaping the next generation of IT professionals.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Identity-Native Infrastructure Access Management

Publisher Resources

ISBN: 9781098173241

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills