159MNG Base

Vulnerability Management

    Service Overview

    Vulnerability Management is the process of identifying, prioritizing, and managing vulnerabilities within systems, applications, networking infrastructure, devices, and hardware. Vulnerabilities exist in all technology assets. By taking an inventory of technology assets and identifying their vulnerabilities, actionable and prioritized plans can be created to facilitate fast, focused remediation, reducing overall vulnerability and risk.

    Objectives

    The objectives of this initiative are as follows:

    1. Prioritize technical vulnerabilities in the Client’s environment to focus remediation
    2. Improve the general Vulnerability Management process through expert consulting
    3. Create and maintain a sustainable, auditable, performant vulnerability management program within the client organization

    Methodology

    Vulnerability Risk Management consists of the following:

    1. INITIALIZATION MEETING – DeepSeas will host a kickoff meeting to conduct introductions and familiarize the Client with the initiative. This meeting will be no longer than sixty (60) minutes and is intended to review the objectives, methodology, scope, and deliverables in the Statement of Work.
    2. PLANNING – Preparation necessary to conduct an effective test, including:
      1. Scope Definition – Identifying the scan scope and outputs that will provide the basis for the project.
      2. Schedule Development – Scheduling, project plan creation and resource identification.
    3. SCAN ANALYSIS & PRIORITIZATION – Identification of priority technical vulnerabilities by performing the following:
      1. Monthly Vulnerability Scan Analysis and Prioritization – Review and analysis of scan outputs from the scanning vendor, and prioritization of vulnerabilities by applying internal and public threat intelligence, with markup of scanner output documents.
    4. PROGRAM COLLABORATION – Collaborative vulnerability management workshop sessions to identify systemic program gaps:
      1. Monthly Client Meetings – Collaborative sessions to review and identify systemic vulnerability management gaps based on scan results, summarized by a report on gap status/program progress and basic metrics reporting/summary.
      2. Quarterly Executive Briefings – Review of vulnerability program status and progress with leadership, including review of the Vulnerability Management Summary.

    Deliverables

    DeepSeas will produce the following deliverables:

    1. Vulnerability Reporting: After vulnerability scans are executed, DeepSeas will review and analyze the scan results in the form of various vulnerability reports. Vulnerability Reporting includes the following components:
      1. Review scan results/reports
      2. Troubleshoot any detected problems with scan reports/report templates
      3. Provide a notated version of scan data output in an Excel document, and/or via online portal, featuring priority vulnerabilities along with an email summary and any applicable notes.
      4. Prepare and deliver monthly reports/dashboards
    2. Vulnerability Management Summary: DeepSeas will provide a high-level overview of the current program, suitable for board-level/executive presentation, featuring strategy, focused vulnerabilities, current metrics, and intersecting methodologies such as threat intel, penetration testing, and threat hunting.