Glossary

Vulnerability Management

Continuous process of identifying, evaluating and remediating vulnerabilities in systems.

Vulnerability management is the continuous, cyclical process of identifying, evaluating, prioritising and remediating security vulnerabilities across an organisation's systems, applications and infrastructure. It goes beyond one-off assessments by establishing an ongoing programme that includes regular scanning, risk-based prioritisation, remediation tracking and verification. A mature vulnerability management programme integrates with change management, patch management and incident response processes.

Effective vulnerability management requires clear ownership, defined SLAs for remediation based on severity, and regular reporting to stakeholders. Organisations should leverage automated tools for continuous scanning whilst applying contextual risk analysis to prioritise remediation efforts. By maintaining a current view of their vulnerability landscape, organisations can reduce their attack surface systematically and demonstrate due diligence to auditors and regulators.