A policy should be defined at the outset of a Vulnerability Management Program (VMP) to provide a clear framework and set of guidelines for how the program will be executed and governed. This policy serves as the foundation for the entire program, ensuring that all activities are aligned with the organization’s objectives, regulatory requirements, and risk management strategies.
References:
NIST Special Publication 800-40 Revision 3: NIST emphasizes the importance of defining a policy as the foundational step in vulnerability management. This policy guides all subsequent actions and ensures that the process is aligned with organizational goals and regulatory requirements (NIST, 2013).
Center for Internet Security (CIS) Controls: CIS Controls recommend defining and documenting a vulnerability management policy first to provide a clear framework and ensure all stakeholders understand their roles and responsibilities (CIS, 2020).
upvoted 1 times