Vulnerability Management Program

A Python tool that scans .eml email files for signs of phishing. It checks the sender, message text, links, and attachments for red flags like suspicious keywords, fake domains, and risky file types. The tool gives each email a score, a clear verdict, and can optionally check link reputations with VirusTotal.

Tyler Droxler
Aug 20, 2025

Project Overview

In this project, we simulate the implementation of a comprehensive vulnerability management program, from inception to completion.

Inception State: the organization has no existing policy or vulnerability management practices in place.

Completion State: a formal policy is enacted, stakeholder buy-in is secured, and a full cycle of organization-wide vulnerability remediation is successfully completed.

Technology Utilized

- Tenable (enterprise vulnerability management platform)
- Azure Virtual Machines (Nessus scan engine + scanned target)
- PowerShell & BASH (remediation scripts)

Step 1. Vulnerability Management Policy Draft Creation

This phase focuses on drafting a Vulnerability Management Policy as a starting point for stakeholder engagement. The initial draft outlines scope, responsibilities, and remediation timelines, and may be adjusted based on feedback from relevant departments to ensure practical implementation before final approval by upper management.


1. Policy Overview

This policy establishes the framework for managing vulnerabilities within LogN Pacific's IT infrastructure to ensure the security and integrity of our systems through timely and effective identification, evaluation, and remediation of threats.

2. Scope

This policy applies to all IT assets owned or operated by LogN Pacific, including networks, servers, endpoints, and associated applications.

3. Responsibilities

Chief Information Security Officer (CISO): Oversight of the vulnerability management process and ensuring compliance with this policy.

Department Heads: Responsible for ensuring compliance within their respective departments.

Chief Information Officer (CIO): Ensuring that vulnerability management is integrated with LogN Pacific's overall IT strategy.

4. Vulnerability Scan Schedule

Routine Scans: Conduct monthly scans of all IT assets to identify vulnerabilities.

Ad-Hoc Scans: Perform scans in response to significant security alerts or when new vulnerabilities are reported.

A local agent will be used for vulnerability assessment on end-user workstations.

5. Remediation Schedule and Cadence

Based on the Common Vulnerability Scoring System (CVSS):

Critical RCE ZERO DAY (CVSS 9.0-10): Remediate or mitigate within 48 hours.
Critical (CVSS 9.0-10): Remediate or mitigate within 48 hours.
High (CVSS 7.0-8.9): Remediate or mitigate within 7 days.
Medium (CVSS 4.0-6.9): Remediate or mitigate within 30 days.
Low (CVSS 0.1-3.9): Remediate or mitigate within 90 days.

6. Maintenance Plans

Routine Patching: Apply security patches and updates on a scheduled monthly basis.

Emergency Patching: Initiate within 24 hours for critical vulnerabilities that pose immediate risks.

Emergency Mitigation: Implement temporary measures (e.g., firewall rules, access restrictions) to protect against vulnerabilities while permanent solutions are developed.

Unpatchable Assets: Implement segmentation, increased monitoring, or phased removal from the environment.

7. Non-Compliance Consequences

Departments failing to comply with this policy will face:

Immediate review of their procedures.
Mandatory retraining for involved personnel.
Escalation to senior management for further disciplinary actions, including termination.

8. Sign-Off

Chief Information Security Officer (CISO)
Sign: Mike Smith
Date: 20 August 2025

Chief Information Officer (CIO)
Sign: Jane Doe
Date: 20 August 2025

Chief Executive Officer (CEO)
Sign: Bob Roberts
Date: 20 August 2025

9. Review and Revision

This policy will be reviewed annually or sooner if necessary to accommodate changes in business processes or to address emerging threats.

Document Control

Version: 1.1
Date: 20 Aug 2025
Author: Tyler D.

Step 2. Mock Meeting: Policy Buy-In (Stakeholders)

In this phase, a meeting with the server team introduces the draft Vulnerability Management Policy and assesses their capability to meet remediation timelines. Feedback leads to adjustments, like extending the critical remediation window from 48 hours to one week, ensuring collaborative implementation.

Vulnerability Management Policy Buy‑In

Manager: Thanks for reviewing the draft policy. Any concerns?

Team Lead: The 48‑hour remediation window for all critical vulnerabilities isn’t realistic with current staffing.

Manager: Understood. Let’s set the window to one week, and reserve the 48‑hour requirement for zero‑day or high‑risk cases.

Team Lead: That works. Could we also have some flexibility during the rollout?

Manager: Yes. Departments will have a six‑month adjustment period before full enforcement.

Team Lead: Fair enough. We appreciate being included in the process.

Manager: Of course. Collaboration is key. Thanks for your input.

Step 3. Policy Finalization & Senior Leadership Sign-Off

After gathering feedback from the server team, the policy is revised to relax the remediation timelines the team considered too aggressive. With final approval from upper management, the policy now guides the program and serves as the reference for enforcing compliance and resolving pushback.


1. Policy Overview

This policy establishes the framework for managing vulnerabilities within LogN Pacific's IT infrastructure to ensure the security and integrity of our systems through timely and effective identification, evaluation, and remediation of threats.

2. Scope

This policy applies to all IT assets owned or operated by LogN Pacific, including networks, servers, endpoints, and associated applications.

3. Responsibilities

Chief Information Security Officer (CISO): Oversight of the vulnerability management process and ensuring compliance with this policy.

Department Heads: Responsible for ensuring compliance within their respective departments.

Chief Information Officer (CIO): Ensuring that vulnerability management is integrated with LogN Pacific's overall IT strategy.

4. Vulnerability Scan Schedule

Routine Scans: Conduct monthly scans of all IT assets to identify vulnerabilities.

Ad-Hoc Scans: Perform scans in response to significant security alerts or when new vulnerabilities are reported.

A local agent will be used for vulnerability assessment on end-user workstations.

5. Remediation Schedule and Cadence

Based on the Common Vulnerability Scoring System (CVSS):

Critical RCE ZERO DAY (CVSS 9.0-10): Remediate or mitigate within 48 hours.
Critical (CVSS 9.0-10): Remediate or mitigate within 7 days.
High (CVSS 7.0-8.9): Remediate or mitigate within 2 weeks.
Medium (CVSS 4.0-6.9): Remediate or mitigate within 30 days.
Low (CVSS 0.1-3.9): Remediate or mitigate within 90 days.

6. Maintenance Plans

Routine Patching: Apply security patches and updates on a scheduled monthly basis.

Emergency Patching: Initiate within 24 hours for critical vulnerabilities that pose immediate risks.

Emergency Mitigation: Implement temporary measures (e.g., firewall rules, access restrictions) to protect against vulnerabilities while permanent solutions are developed.

Unpatchable Assets: Implement segmentation, increased monitoring, or phased removal from the environment.

7. Non-Compliance Consequences

Departments failing to comply with this policy will face:

Immediate review of their procedures.
Mandatory retraining for involved personnel.
Escalation to senior management for further disciplinary actions, including termination.

8. Sign-Off

Chief Information Security Officer (CISO)
Sign: Mike Smith
Date: 20 August 2025

Chief Information Officer (CIO)
Sign: Jane Doe
Date: 20 August 2025

Chief Executive Officer (CEO)
Sign: Bob Roberts
Date: 20 August 2025

9. Review and Revision

This policy will be reviewed annually or sooner if necessary to accommodate changes in business processes or to address emerging threats.

Document Control

Version: 1.2
Date: 20 Aug 2025
Author: Tyler D.

Step 4. Mock Meeting: Initial Scan Permission (Server Team)

The security team works with the server team to initiate scheduled credentialed scans. A compromise is reached: scan a single server first while monitoring resource impact, and use just-in-time Active Directory credentials for secure, controlled access.

Security Analyst: Good morning. Now that our vulnerability management policy is in place, I’d like to begin scheduling credentialed scans of your environment.

IT Manager: Sounds good. What’s involved, and how can we help?

Security Analyst: We’re planning weekly scans of the server infrastructure. It should take about 4–6 hours to cover all ~200 assets. We’ll need administrative credentials so the scan engine can log in and perform deeper checks.

IT Manager: Hold on—what exactly does scanning entail? I’m concerned about resource utilization, and granting admin credentials to every machine doesn’t sound safe.

Security Analyst: Valid concerns. The scan engine sends controlled traffic to identify vulnerabilities—checking registry entries, outdated software, and insecure protocols. Credentials are required for that deeper visibility.

IT Manager: As long as it doesn’t impact server availability, we can proceed.

Security Analyst: To be cautious, let’s start with a single server and monitor resource usage.

IT Manager: That’s reasonable. For credentials, could we use Active Directory accounts that remain disabled until scans are run, then deprovisioned afterward?

Security Analyst: Exactly—just‑in‑time access. That approach works well.

IT Manager: Great. I’ll have the team set up the automation for account provisioning.

Security Analyst: Perfect. I’ll follow up once the credentials are ready. Thanks for the collaboration.

IT Manager: Sounds good. Talk soon.

Step 5. Initial Scan of Server Team Assets

In this phase, an insecure Windows Server is provisioned to simulate the server team's environment. After creating vulnerabilities, an authenticated scan is performed, and the results are exported for future remediation steps.

Step 6. Vulnerability Assessment & Prioritization

We assessed vulnerabilities and established a remediation prioritization strategy based on ease of remediation and impact. The following priorities were set:

1) Third Party Software Removal (Wireshark)
2) Windows OS Secure Configuration (Protocols & Ciphers)
3) Windows OS Secure Configuration (Guest Account Group Membership)
4) Windows OS Updates

Step 7. Distributing Remediations to Remediation Teams

The server team received remediation scripts and scan reports to address key vulnerabilities. This streamlined their efforts and prepared them for a follow-up review.

Step 8. Mock Meeting: Post-Initial Discovery Scan (Server Team)

The server team reviewed vulnerability scan results, identifying outdated software, insecure accounts, and deprecated protocols. The remediation packages were prepared for submission to the Change Control Board (CAB).

Security Analyst: Good morning. Before we review findings, did the scan cause any outages or resource issues?

IT Manager: No issues. Monitoring showed normal activity—aside from open connections, we wouldn’t have known a scan was running.

Security Analyst: Great. Let’s look at the results. Most findings are due to outdated software, including Wireshark. I also noticed the local guest account is part of the Administrators group, which shouldn’t be the case. Some items, like Microsoft Edge vulnerabilities, may resolve automatically through Windows Update. We can ignore the self‑signed certificate, but deprecated cipher suites (TLS 1.0/1.1) should be remediated.

IT Manager: Understood. The good news is most servers share the same vulnerabilities, so remediation should be consistent. I don’t anticipate issues with removing outdated software, disabling the guest account, or updating cipher suites. We’ll run changes through the next Change Control Board.

Security Analyst: Perfect. I’ll prepare remediation packages to streamline the process. Do you already have patch management in place for Windows updates?

IT Manager: Yes, updates are handled automatically.

Security Analyst: Excellent. I’ll research the best remediation steps and provide recommendations before the next board meeting.

IT Manager: Sounds good. Talk soon.

Step 9. Mock CAB Meeting: Implementing Remediations

The Change Control Board (CAB) reviewed and approved the plan to remove insecure protocols and cipher suites. The plan included a rollback script and a tiered deployment approach.

Project Lead: Next on the list are two remediation items for the server team: removal of insecure protocols and removal of insecure cipher suites. The Risk Analyst and Infrastructure Engineer have been collaborating on this. Could you walk us through the technical aspects?

Infrastructure Engineer: Normally I would, but the Risk Analyst actually built the solution. I’ll let them explain.

Risk Analyst: Sure. Insecure protocols and cipher suites allow systems to negotiate deprecated algorithms, which creates risk. These settings are controlled through the Windows registry. We developed a PowerShell script that disables insecure options and enables only secure, modern standards.

Project Lead: Understood. What happens if something goes wrong—do we have a rollback plan?

Risk Analyst: Yes. We’re using a tiered deployment: pilot group, pre‑production, then full production. Each remediation also includes an automated rollback script that restores the original registry settings if issues arise.

Project Lead: Good. Since these are straightforward registry updates, I’m not too concerned. That concludes this week’s change advisory meeting. Thanks, everyone.

Step 10. Remediation Effort

Remediation Round 1: Outdated Wireshark Removal

The server team used a PowerShell script to remove outdated Wireshark. A follow-up scan confirmed successful remediation.

<#
.SYNOPSIS
    Uninstalls Wireshark from the system executing the script.
    Tested on Wireshark Version 2.2.1 (v2.2.1-0-ga6fbd27 from master-2.2).
    Please test thoroughly in a non-production environment before deploying widely.
    Make sure to run as Administrator or with appropriate privileges.

.NOTES
    Author        : Josh Madakor
    Date Created  : 2024-09-09
    Last Modified : 2024-09-09
    Version       : 1.0

.TESTED ON
    Date(s) Tested  : 2024-09-09
    Tested By       : Josh Madakor
    Systems Tested  : Windows Server 2019 Datacenter, Build 1809
    PowerShell Ver. : 5.1.17763.6189
    Wireshark Ver.  : 2.2.1 (v2.2.1-0-ga6fbd27 from master-2.2)

.USAGE
    Example syntax:
    PS C:\> .\remediation-wireshark-uninstall.ps1 
#>
 
# Define the variables
$wiresharkDisplayName = "Wireshark 2.2.1 (64-bit)"
$uninstallerPath = "$env:ProgramFiles\Wireshark\uninstall.exe"
$silentUninstallSwitch = "/S"

# Function to check if Wireshark is installed
function Is-WiresharkInstalled {
    return Test-Path -Path $uninstallerPath
}

# Function to uninstall Wireshark
function Uninstall-Wireshark {
    if (Is-WiresharkInstalled) {
        Write-Output "Uninstalling Wireshark..."
        & $uninstallerPath $silentUninstallSwitch
        Write-Output "$($wiresharkDisplayName) has been uninstalled."
    } else {
        Write-Output "$($wiresharkDisplayName) is not installed."
    }
}

# Execute the uninstall function
Uninstall-Wireshark

Remediation Round 2: Insecure Protocols & Ciphers

The server team used PowerShell scripts to remediate insecure protocols and cipher suites. A follow-up scan verified successful remediation, and the results were saved for reference.

<#
.SYNOPSIS
    Toggles ciphersuites (secure vs insecure) on the system.
    Please test thoroughly in a non-production environment before deploying widely.
    Make sure to run as Administrator or with appropriate privileges.

.NOTES
    Author        : Josh Madakor
    Date Created  : 2024-09-09
    Last Modified : 2024-09-09
    Version       : 1.0

.TESTED ON
    Date(s) Tested  : 2024-09-09
    Tested By       : Josh Madakor
    Systems Tested  : Windows Server 2019 Datacenter, Build 1809
    PowerShell Ver. : 5.1.17763.6189

.USAGE
    Set [$secureEnvironment = $true] to secure the system
    Example syntax:
    PS C:\> .\toggle-cipher-suites.ps1 
#>


# Set this variable to $true for a secure environment, $false for an insecure environment
$secureEnvironment = $true

# Define the secure cipher suite list as a comma-separated string
$secureCipherSuites = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256"

# Define the insecure cipher suite list, which includes all secure ciphers plus additional insecure ones
$insecureCipherSuites = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,TLS_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA,SSL_RSA_EXPORT1024_WITH_RC4_56_SHA,SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,SSL_RSA_EXPORT_WITH_RC4_40_MD5"

# Define the registry path where the cipher suite order is stored
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002"

# Check if the registry key exists, if not, create it
if (-not (Test-Path $regPath)) {
    New-Item -Path $regPath -Force
}

# Determine the cipher suites list based on the secureEnvironment variable
if ($secureEnvironment) {
    $selectedCipherSuites = $secureCipherSuites
    Write-Output "Configuring a secure environment..."
} else {
    $selectedCipherSuites = $insecureCipherSuites
    Write-Output "Configuring an insecure environment..."
}

# Set the cipher suite order in the registry
Set-ItemProperty -Path $regPath -Name "Functions" -Value $selectedCipherSuites

# Enable SSL Cipher Suite Order in Group Policy
$policyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL"
$policyKey = "00010002"
$policyName = "Functions"

if (-not (Test-Path "$policyPath\$policyKey")) {
    New-Item -Path "$policyPath" -Name "$policyKey" -Force
}

# Apply the selected cipher suites to the Group Policy
Set-ItemProperty -Path "$policyPath\$policyKey" -Name $policyName -Value $selectedCipherSuites

# Verify the changes
Write-Output "Cipher Suites have been updated to:"
Get-ItemProperty -Path $regPath -Name "Functions" | Select-Object -ExpandProperty Functions

# Enable SSL Cipher Suite Order policy
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name "Enabled" -Value 1

# Inform the user to restart the server for changes to take effect
Write-Output "Please restart the server to apply the changes."

# End of combined script
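
A check to run alongside the follow-up scan, as an added example (not one of the original remediation scripts): it classifies the configured cipher suite order and reports the SCHANNEL registry state of legacy protocol versions. The helper names and weak-suite patterns are assumptions of this example, and the SCHANNEL Protocols key is the standard Windows location, which the scripts above do not touch.

```powershell
# Added example: post-remediation audit for Round 2 (not one of the original scripts).
# Assumption: the weak-suite patterns below are this example's own choice, not Tenable's rules.
$WeakPatterns = [ordered]@{
    'NULL (no encryption)' = '_NULL_'
    'EXPORT-grade key'     = '_EXPORT'
    'RC4'                  = '_RC4_'
    'RC2'                  = '_RC2_'
    'DES/3DES'             = '_3?DES_'
    'MD5 MAC'              = '_MD5$'
    'SSL-prefixed legacy'  = '^SSL_'
}

# Hypothetical helper: returns one object per suite that matches a weak pattern.
function Get-WeakCipherSuite {
    param([Parameter(Mandatory = $true)][string]$Functions)
    $suites = $Functions -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($suite in $suites) {
        $reasons = foreach ($entry in $WeakPatterns.GetEnumerator()) {
            if ($suite -match $entry.Value) { $entry.Key }
        }
        if ($reasons) {
            [pscustomobject]@{ Suite = $suite; Reasons = ($reasons -join '; ') }
        }
    }
}

# Hypothetical helper: reports the SCHANNEL registry state of legacy protocol versions.
function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'))
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($name in $Protocol) {
        foreach ($role in 'Server', 'Client') {
            $props = Get-ItemProperty -Path "$base\$name\$role" -ErrorAction SilentlyContinue
            $state = if ($null -eq $props -or $null -eq $props.Enabled) {
                'NotConfigured (OS default applies)'
            } elseif ($props.Enabled -eq 0) {
                'Disabled'
            } else {
                'Enabled'
            }
            [pscustomobject]@{ Protocol = $name; Role = $role; State = $state }
        }
    }
}

# Constructed sample input: one strong suite and two weak ones.
$sample = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA'
Get-WeakCipherSuite -Functions $sample | Format-Table -AutoSize

# On a remediated server: audit the value written by the toggle script above.
$regPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$configured = (Get-ItemProperty -Path $regPath -Name 'Functions' -ErrorAction SilentlyContinue).Functions
if ($configured) {
    # -join covers the case where the value was stored as a multi-string
    $weak = @(Get-WeakCipherSuite -Functions ($configured -join ','))
    if ($weak.Count -gt 0) {
        Write-Warning "$($weak.Count) weak cipher suite(s) still configured:"
        $weak | Format-Table -AutoSize
    } else {
        Write-Output 'No weak cipher suites in the configured order.'
    }
    Get-SchannelProtocolState | Format-Table -AutoSize
} else {
    Write-Output "No cipher suite order policy found at $regPath."
}
```

Run against the $secureCipherSuites value from the script above, this check reports its four NULL suites (TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_NULL_SHA, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256), which provide integrity but no encryption.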

Remediation Round 3: Guest Account Group Membership

The server team removed the guest account from the administrator group. A new scan confirmed remediation, and the results were exported for comparison.

<#
.SYNOPSIS
    Toggles guest account Administrators group membership (add vs remove) on the system.
    Please test thoroughly in a non-production environment before deploying widely.
    Make sure to run as Administrator or with appropriate privileges.

.NOTES
    Author        : Josh Madakor
    Date Created  : 2024-09-09
    Last Modified : 2024-09-09
    Version       : 1.0

.TESTED ON
    Date(s) Tested  : 2024-09-09
    Tested By       : Josh Madakor
    Systems Tested  : Windows Server 2019 Datacenter, Build 1809
    PowerShell Ver. : 5.1.17763.6189

.USAGE
    Set [$AddGuestToAdminGroup = $False] to secure the system
    Example syntax:
    PS C:\> .\toggle-guest-local-administrators.ps1 
#>

# Define the variable to control the action: $True to add the guest account, $False to remove it
$AddGuestToAdminGroup = $False

# Define the local group and user account
$LocalAdminGroup = "Administrators"
$GuestAccount = "Guest"

# Function to add the guest account to the Administrators group
function Add-GuestToAdminGroup {
    if (-not (Get-LocalGroupMember -Group $LocalAdminGroup -Member $GuestAccount -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group $LocalAdminGroup -Member $GuestAccount
        Write-Output "Guest account has been added to the Administrators group."
    } else {
        Write-Output "Guest account is already a member of the Administrators group."
    }
}

# Function to remove the guest account from the Administrators group
function Remove-GuestFromAdminGroup {
    if (Get-LocalGroupMember -Group $LocalAdminGroup -Member $GuestAccount -ErrorAction SilentlyContinue) {
        Remove-LocalGroupMember -Group $LocalAdminGroup -Member $GuestAccount
        Write-Output "Guest account has been removed from the Administrators group."
    } else {
        Write-Output "Guest account is not a member of the Administrators group."
    }
}

# Check the variable and perform the appropriate action
if ($AddGuestToAdminGroup -eq $True) {
    Add-GuestToAdminGroup
} else {
    Remove-GuestFromAdminGroup
}

Remediation Round 4: Windows OS Updates

Windows updates were re-enabled and applied until the system was fully up to date.

Summary

The remediation process reduced total vulnerabilities by 72%, from 32 to 9 (Excluding Info). Critical vulnerabilities were resolved by the second scan (100%), and high vulnerabilities dropped by 90%. Mediums were reduced by 68%. In an actual production environment, asset criticality would further guide future remediation efforts.

On-going Vulnerability Management (Maintenance Mode)

After completing the initial remediation cycle, the vulnerability management program transitions into Maintenance Mode. This phase ensures that vulnerabilities continue to be managed proactively, keeping systems secure over time. Regular scans, continuous monitoring, and timely remediation are crucial components of this phase.

Key activities in Maintenance Mode include:

Scheduled Vulnerability Scans:
Perform regular scans (e.g., weekly or monthly) to detect new vulnerabilities as systems evolve.

Patch Management:
Continuously apply security patches and updates, ensuring no critical vulnerabilities remain unpatched.

Remediation Follow-ups:
Address newly identified vulnerabilities promptly, prioritizing based on risk and impact.

Policy Review and Updates:
Periodically review the Vulnerability Management Policy to ensure it aligns with the latest security best practices and organizational needs.

Audit and Compliance:
Conduct internal audits to ensure compliance with the vulnerability management policy and external regulations.

Ongoing Communication with Stakeholders:
Maintain open communication with teams responsible for remediation, ensuring efficient coordination.

By maintaining an active vulnerability management process, organizations can stay ahead of emerging threats and ensure long-term security resilience.