Continuous Vulnerability Management
Introduction
Safeguard 7 - Continuous Vulnerability Management
Procedures
7.1 - Establish and Maintain a Vulnerability Management Process
Contact the IT Security Office to set up a vulnerability management process and request vulnerability scanning.
7.2 - Establish and Maintain a Remediation Process
If any security incidents occur, contact the IT Security Office immediately.
Then, patch the system in compliance with VT’s Minimum Security Standards Guidelines.
7.3 - Perform Automated Operating System Patch Management
Windows
You can manually install patches by going to Settings on your device and checking for new updates. If the system already has the latest version, a message will display saying your computer or device is up to date. If you click on an update, it tells you the purpose of the patch. For important updates, you will usually receive a notification. You can adjust the settings so that every patch is downloaded automatically as soon as it arrives. See the Microsoft Windows User Guide for installing patches.
- Go to Settings on your device.
- Click on Windows Update on the upper left side.
- Click Check Updates. From here your system will check for updates.
macOS
Linux Patching (Debian, Ubuntu and Fedora)
Centralized Device Management & Patching
If you are an IT Manager and wish to centrally manage device patching in your area, consider using BigFix, Intune and Jamf.
7.4 - Perform Automated Application Patch Management
- Know how to check the application version. Typically, the version information can be found in the application settings, an about page, or a version command flag (e.g. `--version`).
- Familiarize yourself with the automatic update process for the application. Consult your application’s documentation for information specific to your application.
- Keep your application up to date with the latest version. The easiest way to accomplish this is by enabling automatic updates.
7.5 - Perform Automated Vulnerability Scans of Internal Enterprise Assets
Contact the IT Security Office to request vulnerability scanning.
7.6 - Perform Automated Vulnerability Scans of Externally Exposed Enterprise Assets
Contact the IT Security Office to request vulnerability scanning.
7.7 - Remediate Detected Vulnerabilities
If any security incidents occur, contact the IT Security Office immediately.
Then, patch the system in compliance with VT’s Minimum Security Standards Guidelines.
Other
If you have questions that are not covered in these procedures, please contact the VT IT Security Office at itso@vt.edu for a consultation.