ISO 27001 Annex : A.12.6 Technical Vulnerability Management
ISO 27001 Annex : A.12.6 Technical Vulnerability Management Its objective is to avoid technological vulnerabilities from being exploited. A.12.6.1 Management of Technical Vulnerabilities Control- Information on technological vulnerabilities of information systems used should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed and appropriate measures taken to address the risk involved Implementation Guidance – An up-to-date and comprehensive asset inventory is necessary for the effective management of technical vulnerability ( see Clause 8 ). The software vendor, version numbers, current installation status ( e.g. what the software on which systems are installed), and the person(s) within the organization responsible for the software are included in the basic details required to support technological vulnerability management. Related Product : ISO 27001 Lead A...