181
6
pr o c e S S
6.1 Introduction
Process is a critical component of any successful security program. It
is integrated into the organization to support policy and, by exten-
sion, the program charter. Process guides the use of technology
but is not a servant to it. is distinction is important because, too
often, processes are designed purely to operate technology rather
than produce the outcome that supports the organization’s objec-
tives. e result is a series of ad-hoc revisions to processes once they
are implemented.
Process development need not be a long, drawn-out affair. With
a basic framework of process, 90 percent of the work can be done
quickly. In this chapter, we will discuss the steps in the vulnerability
management (VM) process ...