Implementation of the vulnerability management program using project approach

Abstract

A vulnerability is defined in the standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” [1]. IT security regulations increasingly are the norm demonstrating a standard of care in protecting sensitive data. To serve this standard, several regulatory bodies have mandated the creation of vulnerability management programs. Examples include: the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and Federal Energy Regulation Committee (FERC)