9. Demonstrate the steps to be taken when a vulnerability has been identified (AC 2.2)
The first step after a vulnerability has been identified is to notify the relevant teams within the organisation; this is called escalation. It usually follows an internal escalation procedure, which may involve conveying the information to IT security personnel, system administrators, or management.

The second step is prioritisation. Not all vulnerabilities are a major threat to the organisation, so each one needs to be evaluated and treated accordingly. How an organisation responds depends on several factors, such as:

- Severity: using CVSS to score the vulnerability based on its potential impact. Scores range from 0 to 10, with 10 being the most severe.
- Exploitability: is this vulnerability just a flaw in the system, or is it something an attacker can actually exploit to harm the organisation?
- Business impact: can this vulnerability disrupt operations or affect critical systems or sensitive data?
- Compliance requirements: some vulnerabilities need to be addressed urgently to comply with regulations such as GDPR and PCI-DSS (Payment Card Industry Data Security Standard).

The third step is deciding on the right mitigation strategy. Now that the priority of the vulnerability has been decided, a mitigation strategy needs to be chosen. This can involve applying patches or updates, configuring security controls such as firewall rules or intrusion detection systems, deploying anti-malware solutions, or implementing temporary workarounds, like disabling the feature that allows the vulnerability to exist.

Step four is applying the security measures that were chosen. This could be any of those listed above. All changes should be well documented. Depending on the organisation, there may be a change management procedure; if so, it needs to be consulted to ensure that the new security measures do not introduce new issues or conflicts.

Step five is retesting and verification. It's very important to run tests on the affected systems to make sure that the vulnerability has been successfully addressed. This can look something like this: rerunning vulnerability scans, conducting penetration testing, and/or monitoring system logs and alerts. Many companies have some sort of post-remediation review process as part of their security policies. This aims to make sure that the vulnerability has been completely resolved.
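As an added example (not part of the original assignment), here is how step two and step five could be expressed in code: a Python triage routine that combines the four factors above into a remediation priority, and a check that compares vulnerability scan results before and after remediation. The bumping rules, SLA days and finding records are assumed for illustration, not taken from any standard.

```python
"""Vulnerability triage and post-remediation check (added example)."""
from dataclasses import dataclass


@dataclass
class Finding:
    id: str                  # internal tracking id (constructed, not a real CVE)
    host: str
    cvss: float              # CVSS base score, 0.0 to 10.0
    exploit_available: bool  # exploitability: is a working exploit known?
    critical_asset: bool     # business impact: critical system or sensitive data
    regulated: bool          # compliance: in scope of GDPR / PCI-DSS


BANDS = ["none", "low", "medium", "high", "critical"]
# Assumed remediation deadlines in days for each priority band
SLA_DAYS = {"critical": 1, "high": 7, "medium": 30, "low": 90, "none": None}


def severity_band(cvss: float) -> str:
    """Map a CVSS base score to the standard qualitative rating."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError("CVSS scores range from 0 to 10")
    if cvss == 0.0:
        return "none"
    if cvss < 4.0:
        return "low"
    if cvss < 7.0:
        return "medium"
    if cvss < 9.0:
        return "high"
    return "critical"


def priority(f: Finding) -> str:
    """Combine severity, exploitability, business impact and compliance.
    Assumed policy: a known exploit or a critical asset each raise the band
    by one; a regulated finding is never treated below 'high'."""
    level = BANDS.index(severity_band(f.cvss))
    if f.exploit_available:
        level += 1
    if f.critical_asset:
        level += 1
    if f.regulated:
        level = max(level, BANDS.index("high"))
    return BANDS[min(level, len(BANDS) - 1)]


def triage(findings):
    """Return (id, priority, SLA days), most urgent first; ties broken by CVSS."""
    ranked = sorted(findings, key=lambda f: (-BANDS.index(priority(f)), -f.cvss))
    return [(f.id, priority(f), SLA_DAYS[priority(f)]) for f in ranked]


def verify_remediation(before: set, after: set, fixed: set) -> dict:
    """Step five: compare finding ids from the pre- and post-remediation scans.
    Anything in `fixed` that still appears in `after` was not resolved."""
    return {"resolved": fixed - after,
            "still_present": fixed & after,
            "new_findings": after - before}
```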