Abstract

Information security systems have vulnerabilities; there is no way to prevent that. It is, however, possible to minimize the scope of the impact of the vulnerabilities. As a vulnerability manager, one evaluates the current state of vulnerabilities, potential mitigations, and the potential impact upon an organization as they are discovered or new information about vulnerabilities becomes available. The research done as part of vulnerability management provides an individual with a wide range of skills that can be leveraged to move into other roles should one want to.