BEST PRACTICES FOR VULNERABILITY MANAGEMENT IN LARGE ENTERPRISES: A CRITICAL VIEW ON THE COMMON VULNERABILITY SCORING SYSTEM
Authors: Jaqueline Hans, R. Brandtweiner
Journal: WIT Transactions on the Built Environment (Journal Article)
Publication date: 2022-12-21
DOI: 10.2495/ssr220101 (https://doi.org/10.2495/ssr220101)
Over the past decade, enterprises have increasingly suffered from attacks conducted by cybercriminals. Potential losses are reflected not only in their revenue or stolen data, but also in their damaged reputation. Most often, these attacks were possible due to the successful exploitation of vulnerabilities within the company’s system. Many such attacks could have been mitigated if responsible actors had taken the right actions related to the management of such vulnerabilities. This paper aims to summarize good practices regarding vulnerability management, with an essential focus on the matter of prioritization. For this, several vulnerability scoring systems, such as the Common Vulnerability Scoring System, were analyzed according to the way they are portrayed in scientific literature. The paper also analyzes non-technical, human factors by reflecting on organizational aspects. The aim is to provide an overview of the options large enterprises have in this regard and to point out the potential consequences they could face. It also reflects on the problem behind the trade-off between investing enough in a cybersecurity foundation and simultaneously remaining profitable.