Vulnerability Management Check

Get a comprehensive evaluation of vulnerability detection and defenses

Next Steps:


When was the last time you evaluated your vulnerability management program? Is your scanner detecting all the latest vulnerabilities? Are some of your systems being overlooked during the remediation process? Is your remediation process efficient, responsive, and up to date?

Foundstone consultants can help you assess your current vulnerability management program. Our Vulnerability Management Check analyzes the gaps in your vulnerability management program and identifies the areas where you may not have the right balance of people, process, and technology.

Key Benefits

  • Benchmark your vulnerability management program against industry best practices and standards.
  • Determine gaps not just in technology, but in people and processes.
  • Ensure your vulnerability management program keeps up with the ever-changing threat landscape.


Foundstone assesses your current vulnerability management program in 11 best practice areas and makes recommendations on the next steps. These recommendations are made based on interviews with key personnel and a review of policies and procedures. Successful vulnerability management balances the demands of security against the needs of individual business units. It includes these steps:

  1. Current policy review relative to generally recognized standards and compliance guidelines
  2. Asset inventory:
    • By type
    • By owner
    • Specifications
  3. Data classification to create an asset criticality profile, which defines how important each asset is to your organization
  4. Vulnerability assessment
    • What and when
    • Vulnerability classification
  5. Threat correlation
    • Worms, exploits, wide-scale attacks, and new vulnerabilities
    • Correlation of high-profile threats with the most important assets
  6. Determination of risk level based on the intersection of assets, vulnerabilities, and threats so you can put your focus and attention on critical risks
  7. Remediation
    • Factoring the cost to remediate versus the cost to ignore
    • Zeroing in on must-have remediations
  8. Metrics
    • Accurate metrics for more informed and more effective management
    • Evaluation of your current state of security measurement against current baselines and ideal conditions (e.g., Six Sigma)
  9. Training
  10. Communication
  11. Definition of organizational roles and responsibilities