Building on the foundation of a successful configuration, change, and patch-management program, Portland State University implemented a routine vulnerability assessment and remediation program. We will outline our iterative improvement cycle from a starting point of annual external vulnerability assessment to a continuous in-house, risk-informed process leveraging only a partial FTE investment. We will address our weekly cycle of assessment and integration with ordinary systems administration operations and show how even small or under-resourced teams can build a system that works today to provide actionable intelligence to your operations teams. This is a general interest session.
Outcomes: Feel prepared to increase vulnerability assessment frequency * Understand the importance of a "starting today" mentality in vulnerability management * Understand the benefits from even basic routine vulnerability management
Sr. Information Security Analyst, Portland State University