PrograM and organization 55
Prioritization of vulnerabilities: e vulnerabilities found •
will be prioritized. In many cases, more vulnerabilities are
found than can possibly be fixed in a reasonable amount of
time. You will have to specify what gets done first. It is even
possible that you may want a policy statement of the circum-
stances under which systems administrators should drop
everything they are doing and remediate or shut down the
system in question.
Valuation of assets: Every system is a company asset. It has •
to be given a value, which can be used in the prioritization
process. We will discuss this more in Chapter 6.
Time limits: Depending on the severity and type of vulner-•
ability, time limits for remediation must be set. ...