Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Vulnerability Mitigation Management

from [Ken S] Network Security [Permanent Link]
Subject: Re: Vulnerability Mitigation Management
Date: Fri, 12 Nov 2004 13:56:49 -0600 
Since you work for a large corporation, I'd be really surprised if
they don't already have some kind of issue-tracking software in the
company that you could leverage for your needs.  If you ask enough
people enough questions, I'll bet you'll find something's already in
place.

Depending on your needs, a simple database might work fine.  

If not, most of the COTS vulnerability management vendors have (or
will soon have) ticketing systems as part of their software. 
Foundstone definitely does.  Event correlation vendors such as
ArcSight have ticketing systems as well.  These will typically
integrate with large vendors such as Remedy, so the security tool can
create a ticket and then push it to Remedy.

One note of caution, be prepared for some resistance if you have
long-term plans for managing people's daily tasks with a ticketing
system.  Many professionals (not just security folks)  who have not
been tied to a ticketing system in the past can often find it
difficult to adapt.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Email Retention Policy, Robert Mezzone
Next by Date:  Re: Email Retention Policy, James_Shira
Previous by Thread:  RE: Vulnerability Mitigation Management, rainer
Next by Thread:  Question for all ISP Security Groups, Paul Ryan
Indexes:  [Date] [Thread] [Top] [All Lists]