What Needs to Be Secured–>Policy Management
Policy management supports creation and management of the policies that define what needs to be secured across the enterprise.
Gather All My Data–>Data Integration, Consumption, and Correlation
Data integration, consumption, and correlation supports gathering information about an enterprise’s IT assets that often reside in a variety of disparate systems.
What’s On My Networks–>Asset Inventory and Configuration Management
Asset inventory and configuration management utilizes all the data that has been gathered to provide an accurate and up-to-date understanding of what’s deployed on the networks.
Am I Compliant–>Compliance Assessment
Compliance assessment utilizes asset inventory and configuration management as well as other audit and scan data to determine if assets are compliant against enterprise security policies.
What Am I Vulnerable to–>Vulnerability Management
Vulnerability management identifies which assets are exposed to what vulnerabilities and helps to prioritize vulnerabilities based on their potential impact to the enterprise.
Remediate Findings–>Remediation and Exception Management
Remediation and exception management supports the remediation/mitigation of non-compliant items and vulnerabilities as well as providing the capabilities to define exceptions and defer fix actions, e.g. POA&Ms.
What’s My Risk–>Risk Management
Risk management scores the enterprise based on overall security posture and risk using information on what’s been fixed, what hasn’t been addressed, and operational impact as well as taking into account what’s unknown.
photo credit: Emergency Response Coordination Centre from the inside via photopin (license)