CIS-VR Certified Implementation Specialist - Vulnerability Response Questions and Answers

Third Party Entries

NVD

CWE

Vulnerable Items

Tenable

MITRE

NIST

Qualys

Vulnerability groups

Third Party Entries

Vulnerable Items

Vulnerable Software

Security Analysts

Customers

CIO/CISO

Fulfillers

Workflow Mappings

Risk Indicators within GRC

Service Catalog

Knowledge Base

Field

Sum

Operator

Value

Enterprise risk trending

Automated prioritization

Manual operations

Improved remediation

Permanently removes the item from the list of Active Vulnerable items

Move the item to the Slushbucket

Has no impact on the list of Active Vulnerable Items

Temporarily removes the item from the list of Active Vulnerable items

Perfect opportunity for process improvement

Understand their internal process

Build the Flow/WorKflow directly into the platform

No advantage

Decouple the use of the grouping from the definition of the grouping

Build criteria once

Reuse criteria in a variety of places

All of the above

Recommend that the client purchase the full Performance Analytics package.

Ask the CISO.

Work with the customer to identify the things that will be most useful to them.

Use the standard out of the box reports only.

sn_vul.autocreate_vul_filter_group

sn_vul.autocreate_vul_approval_group

sn_vul.autocreate_vul_group_item

sn_vul.autocreate_vul_centric_group

Create CI from Vulnerable Group Details

Create CI from Closed Item Details

Determine CI from Network Details

Create CI from Vulnerable item Details

Update the values in the Vulnerability Score Indicator (VSl) based on the criticality of the Vulnerability.

The VI remains active and in place until the Scanner rescans and closes the VI.

Mark the CI as exempt from the Vulnerability if the vulnerability was remediated.

Compare the Vulnerability with subsequent scans.

Create a Problem

Create a Security Incident

Create a KB article

Create a Change