Common Vulnerabilities and Exposures (CVE) | Overview | Why Information Security Policies are Important
38. What is Common Vulnerabilities and Exposures (CVE), why are information security policies and procedures so important today, and do you offer comprehensive I.T. security documentation?
Common Vulnerabilities and Exposures, known simply as CVE, is a dictionary of publicly known information security vulnerabilities (i.e., names and “identifiers”). According to CVE (cve.mitre.org), “common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools”.
For example, if a security report from an organization’s actual security tools incorporates CVE Identifiers, one can then quickly and accurately access relevant information from the CVE-compatible databases to remediate the issue. CVE was launched in 1999, and some of its more notable concepts are the following: (1) One name only for any one vulnerability or exposure. (2) One standardized description for each such vulnerability or exposure. (3) A dictionary, rather than a database. (4) Excellent for security interoperability. (5) It’s free and is industry endorsed.
CVE and Information Security Policies | A Win-Win for I.T.
CVE is yet another great resource that all I.T. departments should strive to use to help ensure the confidentiality, integrity, and availability (CIA) of their networks. When it comes to the safety and security of an organization’s I.T. assets and information, the very first place to start is implementing comprehensive, enterprise-wide information security policies and procedures. After all, regulatory compliance demands it, it’s a great best practice to implement, and management fully expects I.T. departments to document critical policies and procedures.
So where do you find these documents? From FLANK, an industry leader offering the FLANK21 set of documents, which contains literally hundreds of operational, business-specific, and information security templates, provisioning and hardening documents, and much more.