Continuous Vulnerability Management

Introduction

Safeguard 7 - Continuous Vulnerability Management

Procedures

7.1 - Establish and Maintain a Vulnerability Management Process

Contact the IT Security Office to set up a vulnerability management process and request vulnerability scanning.

7.2 - Establish and Maintain a Remediation Process

If any security incidents occur, contact the IT Security Office immediately.
Then, patch the system in compliance with VT’s Minimum Security Standards Guidelines.

7.3 - Perform Automated Operating System Patch Management

Windows

You can manually install patches by going to Settings on your device and checking for new updates. If the system already has the latest version, a message will say that your computer or device is up to date. If you click on an update, it tells you the purpose of the patch. For important updates, you will usually receive a notification. You can adjust the settings so that each new patch is downloaded automatically when it arrives. See the Microsoft Windows User Guide for installing patches.

  1. Go to Settings on your device.
  2. Click on Windows Update on the upper left side.
  3. Click Check Updates. From here your system will check for updates.

macOS

Updating macOS

Linux Patching (Debian, Ubuntu and Fedora)

Centralized Device Management & Patching

If you are an IT Manager and wish to centrally manage device patching in your area, consider using BigFix, Intune and Jamf.

7.4 - Perform Automated Application Patch Management

  1. Know how to check the application version. Typically, the version information can be found in the application settings, an about page, or a version command flag (e.g. --version).
  2. Familiarize yourself with the automatic update process for the application. Consult your application’s documentation for information specific to your application.
  3. Keep your application up to date with the latest version. The easiest way to accomplish this is by enabling automatic updates.

7.5 - Perform Automated Vulnerability Scans of Internal Enterprise Assets

Contact the IT Security Office to request vulnerability scanning.

7.6 - Perform Automated Vulnerability Scans of Externally Exposed Enterprise Assets

Contact the IT Security Office to request vulnerability scanning.

7.7 - Remediate Detected Vulnerabilities

If any security incidents occur, contact the IT Security Office immediately.
Then, patch the system in compliance with VT’s Minimum Security Standards Guidelines.

Other

If you have questions that are not covered in these procedures, please contact the VT IT Security Office at itso@vt.edu for a consultation.