45
3
pr o g r a m a n d or g a n I z a t I o n
3.1 Introduction: Program Structure
e structure and composition of an IT or compliance organization
can have a significant impact on the effectiveness of vulnerability
management (VM). It is important to understand the relationship
between the business stakeholders and the managers of underlying
IT assets. It is this relationship that should reflect the adage that IT
exists to support the business. If you can get the support of the busi-
ness, then IT will be driven to support a VM program and comply
with supporting policy. To put it more simply, VM must be a business
priority. Otherwise, it is not worth doing.
Support of the business is the essence of the VM program. It
encompasses all activities, ...