cheiben/Vulnerability-Management-Program
Vulnerability Management Program

This project documents the end-to-end implementation of a comprehensive vulnerability management program within an organization - from policy creation to successful remediation.

Vulnerability Management Lifecycle

Project Overview

Starting Point: Organization with no existing vulnerability management policy or practices
End Goal: Fully operational program with formal policy, stakeholder buy-in, and completed remediation cycle

Technology Stack

  • Tenable - Enterprise vulnerability management platform
  • Azure Virtual Machines - Hosting Nessus scan engine and scan targets
  • PowerShell & BASH - Remediation scripting

Implementation Phases

1. Policy Development

The foundation of the program began with creating a comprehensive vulnerability management policy draft outlining scope, responsibilities, and remediation timelines.

2. Stakeholder Engagement & Policy Refinement

A stakeholder meeting was conducted to present the draft policy to the server team. Based on feedback, remediation timelines were adjusted to be more realistic - extending critical vulnerability remediation from 48 hours to one week.

3. Policy Finalization

After incorporating stakeholder feedback, the finalized policy received senior leadership approval, establishing the official framework for the program.

4. Initial Scan Planning

An initial scan planning meeting with the server team established scan protocols, including:

  • Starting with a single server to assess performance impact
  • Using just-in-time Active Directory credentials for secure access
  • Setting specific scan windows to minimize business disruption

5. Initial Vulnerability Discovery

An insecure Windows Server was provisioned as a test environment, and an authenticated scan was performed to establish a vulnerability baseline. The initial scan results identified 174 vulnerabilities of varying severity.

6. Vulnerability Assessment & Prioritization

Vulnerabilities were assessed and prioritized based on severity and ease of remediation:

  1. Third-party software removal (Wireshark)
  2. Windows OS secure configuration (protocols & ciphers)
  3. Windows OS secure configuration (guest account group membership)
  4. Windows OS updates

7. Remediation Distribution

Remediation scripts and scan reports were distributed to the server team via a detailed remediation email, providing clear instructions and expected outcomes.

8. Post-Scan Review

A post-scan review meeting was held with the server team to discuss findings, remediation approaches, and to prepare change requests for the Change Advisory Board (CAB).

9. Change Management

A CAB meeting approved the remediation plan, which included rollback provisions and a phased implementation approach to minimize risk.

10. Remediation Implementation

Round 1: Wireshark Removal

Round 2: Protocol & Cipher Security

Round 3: Guest Account Security

Round 4: Windows Updates

  • Windows Update was re-enabled and all available updates were applied
  • Final scan confirmed remediation success
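The remediation scripts themselves were sent to the server team by email and are not part of this repository. The following PowerShell script is an added example of what Rounds 2 and 3 look like when scripted: it disables legacy SCHANNEL protocols and weak ciphers through the registry and removes the built-in Guest account from any local group other than Guests. The specific protocol and cipher lists, and the choice of groups, are assumptions, since the page does not list the individual findings.

```powershell
#Requires -RunAsAdministrator
# Example remediation for Rounds 2 and 3 (added illustration, not the project's own script).
# Registry layout follows SCHANNEL conventions; the protocol/cipher lists are assumptions.
$Schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Round 2a: disable legacy protocols on the server side.
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
    $path = Join-Path $Schannel "Protocols\$proto\Server"
    New-Item -Path $path -Force | Out-Null
    New-ItemProperty -Path $path -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $path -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
}

# Round 2b: disable weak ciphers. Cipher key names contain '/', which the registry
# provider treats as a path separator, so the subkeys are created through .NET instead.
$ciphersKey = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey(
    'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers')
$weakCiphers = 'RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128',
               'DES 56/56', 'Triple DES 168', 'NULL'
foreach ($cipher in $weakCiphers) {
    $sub = $ciphersKey.CreateSubKey($cipher)
    $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $sub.Close()
}
$ciphersKey.Close()

# Round 3: remove Guest from every local group except Guests, then disable the account.
foreach ($group in Get-LocalGroup) {
    if ($group.Name -eq 'Guests') { continue }
    $members = Get-LocalGroupMember -Group $group.Name -ErrorAction SilentlyContinue
    if ($members | Where-Object { $_.Name -like '*\Guest' }) {
        Remove-LocalGroupMember -Group $group.Name -Member 'Guest'
        Write-Output "Removed Guest from $($group.Name)"
    }
}
Disable-LocalUser -Name 'Guest'

# Verification output to attach to the change record before the confirmation scan.
Get-ChildItem "$Schannel\Protocols" -Recurse |
    Get-ItemProperty |
    Select-Object PSPath, Enabled, DisabledByDefault
```

SCHANNEL registry changes only take effect after a reboot, which is why the CAB-approved plan needs a maintenance window and a rollback path (exporting the SCHANNEL key beforehand is the simplest one).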

Remediation Results

The remediation effort achieved significant security improvements:

  • 80% reduction in total vulnerabilities (from 30 to 6)
  • 100% elimination of critical vulnerabilities
  • 90% reduction in high-severity vulnerabilities
  • 76% reduction in medium-severity vulnerabilities

Detailed remediation metrics are available in the remediation data spreadsheet.

Ongoing Vulnerability Management

Following the initial remediation cycle, the program transitioned to a maintenance mode characterized by:

  • Regular scheduled vulnerability scans
  • Continuous patch management
  • Prompt remediation of newly identified vulnerabilities
  • Periodic policy reviews and updates
  • Compliance monitoring and auditing
  • Ongoing stakeholder communication

The finalized policy details the specific scanning and remediation cadence requirements for ongoing management.
