The following are definitions of specific terms and phrases used throughout the manual.


Term

Definition

Accountability

In a VRMT sense the term lends its meaning from the Responsibility Assignment Matrix (RACI). It defines the person or function who is ultimately answerable for the task or deliverable and ensures proper execution by the responsible party. Concretely, the accountable party signs off on the work carried out by the responsible party. VRMT regularly defines accountable functions, to which only one user can be assigned, in contrast to a responsibility function.

Attribution

A multi-step process of VRMT that adds additional information to XML alert files. These additional pieces of information make it possible to (1) assess the impact of vulnerabilities on the specific IT environment and (2) route this information to the responsible recipients.


In detail:

  • Source files are enriched with static information derived from source file attributes via Backend Rules. This adds new information, primarily about the IT environment.
  • Enriched files are further transformed via the Rule Manager to reflect detailed information about the vulnerability impact and about the recipients within the organization who will ultimately decide on patching the weakness (accountability, responsibility).

IT Systems Map

The taxonomy of systems, networks and applications that are business-critical, that is, essential to the soundness and robustness of the company in serving its business purpose.

File Manager

Interface of VRMT primarily used to manually upload XML formatted files. During upload, all files are checked for consistency, that is, whether they comply with the XML file structure requirements.

Organizational Structure

The setup of a business entity that defines how activities such as task allocation, coordination and supervision are directed toward the achievement of organizational aims. Among others, functional, divisional, matrix and virtual structures are in use.


In VRMT terminology the Organizational Structure is composed of

  • Responsibility
  • Accountability

Responsibility

In a VRMT sense the term adopts its meaning from the Responsibility Assignment Matrix (RACI). It defines the people or functions who actually perform the work to complete the task delegated by an accountable person or function. VRMT regularly defines a function coupled with a CISM group and department to which one or many persons may be assigned. Therefore, a Responsibility in that sense requires that at least one person is assigned to it.

VRMT Operating Model

Company specific information fed into VRMT that helps it identify the

  • IT Systems Map and
  • Organizational Structure.


This information is instrumental in the swift management of IT weaknesses and accelerated patch application.

Vulnerability Management (VM)

Pursues the goal of identifying, classifying, prioritizing, remediating and mitigating software vulnerabilities in an effective and efficient manner.

Vulnerability Risk Mitigation Tool (VRMT)

A software tool that helps reflect company security policy in order to manage IT vulnerabilities efficiently. It leverages the VRMT Operating Model to attribute systems with adequate priorities and distribute alerts to the right contact so that fixes can be applied quickly.



updated on: 5/9/2019, updated by: Wolfgang Stoettner, v1.0.1