{"id":3602,"date":"2025-11-26T06:22:29","date_gmt":"2025-11-26T06:22:29","guid":{"rendered":"http:\/\/69269ca5fd8a399dacc316c9"},"modified":"2025-11-26T06:22:29","modified_gmt":"2025-11-26T06:22:29","slug":"risk-based-vulnerability-management-rbvm-2","status":"publish","type":"post","link":"https:\/\/worldinformatixbeta.supagrow.in\/wp\/2025\/11\/26\/risk-based-vulnerability-management-rbvm-2\/","title":{"rendered":"Risk Based Vulnerability Management (RBVM)"},"content":{"rendered":"

Risk Based Vulnerability Management (or RBVM<\/a>) is a process by which one evaluates the business risk for an organization resulting from its vulnerable digital assets and helps organization achieve an acceptable security posture by prioritizing the remediation.<\/p>\n

Current challenges<\/h2>\n
Organizations are managing risk by :-<\/h5>\n
i. Complying to Industry Standards<\/u><\/h6>\n

E.g. ISO 27001:2022, NIST-CSF. This is via manual audits, which is time consuming and laborious. It is enough for an organization to achieve a cyber hygiene, but not sufficient to counter cyber-attacks, which are ever changing!<\/p>\n

\"\"<\/p>\n

ii. Performing Vulnerability Assessments<\/h6>\n

Typically tool based, identifies vulnerabilities in assets by looking up popular vulnerability databases, like NVD (National Vulnerability Database).<\/p>\n

\"\"<\/p>\n

Another class of issues is Misconfiguration. <\/strong>Though these are not the classic vulnerabilities, they do render the asset vulnerable. These are checks performed against popularly accepted industry benchmarks like CIS<\/strong> (Centre for Internet Security).<\/p>\n

The IT infrastructure of an organization today is diverse, spread across the cloud, on-premise and employees working from home. The vulnerability assessment must cover the assets in the above scenarios.<\/p>\n

Challenges with Vulnerability Assessments<\/h6>\n