Threat and Vulnerability Management (TVM)

The IT infrastructure of an organization is constantly transforming, responding to the business requirements of capacity augmentation and capability improvement and to the requirement to extend the network to partners and service providers. Trends such as mobility, virtualization and wireless are driving the infrastructure towards optimization and renewed flexibility. On the other hand, ever-increasing security threats with enhanced capabilities, varieties and scales are exploring new ways to find vulnerabilities in an organization’s infrastructure and exploit them to cause the maximum possible damage. For many of the threats that are perennial in nature, an organization usually has some measures in place to take care of them. These kinds of measures fall under the Threat and Vulnerability Management (TVM) program. However, evolving threats add a different set of challenges, which require continuous vigil over new threat scenarios erupting as a result of the discovery of a new vulnerability, the disclosure of a new exploit or the emergence of a new malware threat. TVM should ensure that an organization’s resources are protected against perennial as well as evolving threats. TVM should also provide assurance over the management of the organization’s resources in a way that the relevance of new vulnerabilities, exploits or malware is immediately tested and that the organization responds swiftly to them.

DSCI believes that this discipline of security adds critical value to an organization’s security initiatives: it not only delivers protection capabilities but also provides the means to manage IT infrastructure securely. This section explains DSCI’s approach towards TVM and renders a set of principles that will help establish a mature and promising TVM function in an organization.

Keeping the infrastructure security posture up to date, scanning the infrastructure to identify new issues or vulnerabilities that could potentially lead to a security compromise, taking corrective measures in case of a likely compromise, effectively managing infrastructure that is inherently risk prone and delivering a fast response in case of compromise are essential characteristics of the TVM function. DSF pays careful attention to this discipline, as this function can stimulate dynamism in an organization’s security initiatives, which should be an essential characteristic of any contemporary security program. DSCI Best Practices represent contemporary understanding in this field, including evolving practices around TVM, emerging technical solutions and layered approaches towards TVM that entail strategic, tactical and operational perspectives.

  • Create an inventory of all IT assets and a dependency map of Business to IT systems — applications, databases, systems, services, ports, protocols, interfaces etc.
  • Create a catalog of IT Infrastructure Management processes for network, server, desktop, application lifecycle, data management etc. These should include capacity management, configuration management, incident management, problem management, change management, service management and quality management
  • Identify the IT environments — development, testing, staging, production and disaster recovery — across which the infrastructure is distributed
  • Evaluate the characteristics of IT infrastructure. Create a complete map of infrastructure characteristics and their uniformity
  • Identify and map all the compliance requirements that are specific to TVM function
  • Create an inventory of technical security policy elements and identify how they are enforced across the infrastructure
  • Create an inventory of ‘system hardening’ processes
  • Create a map of systems, devices and applications that are connected to the external world
  • Assess the threat profile of the organization — external and internal threats that are perennial and evolving — map them to individual assets
  • Create a map of existing TVM preparedness: Architecture, Technology solutions, TVM processes, strategic, tactical and operational efforts and Coverage
  • Identify a life cycle process for patch management. Create a map of resources and efforts spent for creating lab environment for patch testing
  • Define a security baseline of the organization that includes:
    • Map the roles and responsibilities of the TVM function
    • Evaluate the performance initiative of TVM functions
    • Understand how an organization’s TVM function responds to the changing IT environment including the threats and vulnerabilities that arise from its service providers, vendors and partners
  • Establish a complete visibility over the organization’s IT infrastructure, its characteristics, threat profile, current security baseline
  • Ensure that a significant level of effort is made to bring homogeneity and standardization to the IT infrastructure in order to reduce diversity. Homogeneous and standardized infrastructure is required in Network Infrastructure; Operating Environment; Application Platforms; Underlying Databases; Extended environment – Mobile, Wireless, Virtual & Storage Infrastructure; Endpoints; Security Infrastructure
  • Establish a periodic Infrastructure refreshment cycle for all categories of infrastructure
  • Ensure that the technical solutions deployed for TVM are derived from a well-conceived security architecture. The architectural treatment of TVM components should take into account both perennial threats and evolving threats
  • Ensure that the technical solutions deployed are continuously assessed for competence and effectiveness throughout their lifecycle
  • Ensure that the arrangements made for TVM cover all critical IT assets and that the accuracy of the measures designed and deployed to protect IT assets is well tested
  • Ensure that the coverage of TVM program is extended to all environments including that of development, testing, pre-production and production
  • Ensure that the coverage of the TVM program is extended to address threats and vulnerabilities of the organization’s mobile computing devices
  • Ensure that all unnecessary services, ports and interfaces open on systems, network equipment and endpoints are closed
  • Define a technical security policy that articulates the organization’s strategy to manage security at the system level
  • Ensure that there exist means for enforcement of technical policies
  • Ensure that the effectiveness of technical policy implementation is tested regularly. Establish enterprise-wide hardening guidelines that assure secure configuration of devices, equipment, platforms, databases, solutions and tools
  • Integrate Patch Management with the operational cycle of IT infrastructure management. Ensure that compliance with patch management processes is enforced, measured and reported
  • Ensure that there exists a mechanism for testing the relevance of new security issues in the least possible time from the outbreak of the issue
  • Ensure that a relevance testing mechanism is facilitated by a comprehensive security intelligence mechanism that relies on internal as well as external knowledge sources
  • Establish a strategy for assessment of IT infrastructure for identification of vulnerabilities
  • Ensure that there exists a remediation mechanism that is well integrated with the IT Infrastructure management process
  • Ensure that there exists a significant understanding of the current security baseline of the organization
  • Ensure that the TVM caters to challenges emerging from all perspectives and channels — infrastructure, networks, applications, web access, databases, endpoints etc.
  • Ensure that a sufficient level of resources and effort is dedicated to TVM and is adequately distributed across the strategic, tactical and operational layers
  • Ensure that the TVM solutions and processes are well integrated with security monitoring and incident management mechanisms
  • Extend the scope of TVM function to the systems managed by service providers, vendors and partners
  • Ensure that all externally provisioned systems adhere to the principles, processes set up by the TVM function
  • Complete visibility over the IT infrastructure components
  • Homogeneity and standardization of the IT infrastructure
  • Coverage of the TVM program
  • Architectural treatment of the TVM solution elements
  • Competence and accuracy of the measures
  • Enforcement of the technical policies
  • Configuration & change management process maturity
  • Responsiveness to the new security issues
  • Integration with IT infrastructure management processes
  • Operational excellence
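The relevance-testing mechanism and the asset inventory the practices above call for can be tied together in a small triage routine. The following is an added example, not part of the DSCI framework text: it matches a newly published advisory against a constructed inventory and orders the hits by exposure and business dependency, as the bullets on the external-facing map and the Business-to-IT dependency map suggest. The asset fields, advisory identifier and version-range rule are all assumptions made for illustration.

```python
# Added example (not DSCI's own code): test the relevance of a new advisory against
# the organisation's asset inventory so affected systems can be prioritised at once.
# All assets, the advisory and the field names below are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    product: str
    version: tuple        # e.g. (2, 4, 49)
    environment: str      # development / testing / staging / production / dr
    external: bool        # reachable from outside the organisation (external-world map)
    business_services: list = field(default_factory=list)  # Business-to-IT dependency map

@dataclass
class Advisory:
    advisory_id: str      # constructed placeholder, not a real advisory number
    product: str
    fixed_in: tuple       # versions below this release are affected
    severity: str         # low / medium / high / critical

def affected(asset, adv):
    """An asset is affected when it runs the advisory's product at a version below
    the fixed release (constructed rule; real advisories need a proper range parser)."""
    return asset.product == adv.product and asset.version < adv.fixed_in

def triage(assets, adv):
    """Return affected assets ordered by urgency: external-facing production systems
    that underpin the most business services come first."""
    hits = [a for a in assets if affected(a, adv)]
    hits.sort(key=lambda a: (not a.external, a.environment != "production",
                             -len(a.business_services), a.name))
    return hits

# Constructed sample inventory and advisory.
INVENTORY = [
    Asset("web-01", "httpd", (2, 4, 49), "production", True, ["online-banking"]),
    Asset("web-02", "httpd", (2, 4, 51), "production", True, ["online-banking"]),
    Asset("dev-web", "httpd", (2, 4, 49), "development", False, []),
    Asset("db-01", "postgresql", (13, 4), "production", False, ["online-banking"]),
]
ADVISORY = Advisory("ADV-EXAMPLE-0001", "httpd", (2, 4, 51), "critical")

if __name__ == "__main__":
    for a in triage(INVENTORY, ADVISORY):
        print(f"{ADVISORY.advisory_id} ({ADVISORY.severity}): {a.name} in {a.environment}, "
              f"{'external' if a.external else 'internal'}, needs remediation")
```

Feeding the routine from the patch management cycle and the security monitoring pipeline gives the "least possible time" relevance check the practices ask for, with the ordering reflecting the organisation's own exposure and dependency data rather than the advisory's severity alone.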

DSCI Security Framework