Vulnerability & Patch Management Process


1. Introduction

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)[1]

It is essential, in today’s society, for businesses to have an online presence in order to be fully capable of engaging in e-commerce and stay competitive. As a result, it’s imperative that businesses protect their data and put IT security at the forefront of everything they do online and off. With the advancement of new technologies comes opportunities for businesses to fall victim to scams through various attack vectors some of the most popular being social engineering and online computer network infiltrations. Continue reading



I will reflect upon the differences observed between three different vulnerability scanners and management tools, Nessus, Nexpose, and OpenVAS. Areas to be reviewed include, ease of use, accuracy of findings, depth of information in the tool and reports, actionability of the information provided and any other relevant criteria believed to be relevant. This report will also compare the results, remediation advice, and reliability as observed by the three different software programs. The test used for this report will be performed on a virtual network constructed entirely inside of a virtual machine on a 2009 Mac Pro using Parallels 10. The free versions of Nessus and Nexpose vulnerability scanners will run against the Metasploitable 2 virtual machine inside of Parallels and OpenVAS, which is a free open source vulnerability scanner, will be referenced from a YouTube video. Each test will be performed under identical network conditions.

Continue reading