Efficient Vulnerability Management Process in the Military

Abstract

Reducing vulnerabilities is one of the most effective ways to minimize the cyber risks that can occur to information systems. Given the characteristics of the military environment, particularly in operating a wide variety of information systems and dealing with critical information on national security, clear / concise management procedures are needed that enable more realistic and direct action to identify and address vulnerabilities. Also, five requirements for the efficient vulnerability management procedure in the military are proposed as follows: (i) quickness, (ii) continuousness, (iii) clearness, (iv) interdependence, and (v) completeness. By considering all information, this paper suggested 5 phases for the vulnerability management process in military: (i) Framing; (ii) Identification; (iii) Assessment; (iv) Remediation; and (v) Verification. In addition, the three-tiered concept was applied to the efficient management of the vulnerabilities, taking into consideration the characteristics of the organization with clear hierarchical relationships. As a result, it will contribute to reduce the cyber risk in the defense area, by presenting the specific procedures for vulnerability management in each hierarchical organization.