Vulnerability management has been defined as the 'cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities' (Cornell, 2009), especially in software and firmware. As such, it is integral to 'Information Assurance' for most organizations with networks. To conduct vulnerability management, many organizations, such as the United States Department of Defense (DoD), have created systems such as the Vulnerability Management System (VMS). However, the current version of VMS is very cumbersome, and it is about to be replaced by the Continuous Monitoring and Risk Scoring (CMRS) system. CMRS will integrate several Information Assurance activities with vulnerability management. Even with the implementation of the new system, there is room for improvement. This paper offers solutions for improving the vulnerability management process, through improvements either to future versions of CMRS or to other future systems.