How to calculate your results. Please score each “A” answer with 1, each “B” answer with 2, each “C” answer with 3, and each “D” answer with 3.1415926.
You need a robust vulnerability management program regardless of the size of your organization. Even though you do not have a security team yet, you can insource this responsibility to the cyber security enthusiast in your company. Yearly scans satisfy yesterday’s compliance requirements. Delivering compliance checks alone doesn’t protect the future of your business.
You need a robust vulnerability management program to complement your other security operations and risk management initiatives. Periodic reviews and rigorous modeling should be in order! Whether you have a small, large, or huge security budget with all the possible tools at your disposal, you are up against continuous and persistent threats with bigger resources and unlimited time.
Sooo… you need to breathe, relax, and implement a robust vulnerability/asset/patch management program like a year ago. Not to worry - they say Time is a relative concept and that “happy hour is always somewhere”! Of course, reading the OWASP VMG wouldn’t work by itself, but it might be a source of inspiration for those who seek it.