Vulnerability monitoring activities include review to confirm that actions taken in response to cybersecurity vulnerabilities were effective
Context and Guidance: After a response has been made to address a vulnerability (such as deployment of patches), monitoring is conducted to make sure that the response has been effective. Methods to confirm effectiveness will vary depending on resources available to the cybersecurity program and the type of treatment chosen for a vulnerability. For example, if an operating system vendor has disclosed the presence of a vulnerability the organisation may choose to remediate the vulnerability and apply a patch. Afterward, a vulnerability scan could be used to confirm that the vulnerability has been resolved on affected systems. Advanced cybersecurity techniques such as threat hunting and active defense also can be used as methods of verification.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THREAT-1d, THREAT-1g, THREAT-1l.