Editing Computer security (section)

===Vulnerability management===
{{main|Vulnerability management}}

Vulnerability management is the cycle of identifying, fixing or mitigating [[Software vulnerability|vulnerabilities]],<ref>{{cite book |last=Foreman |first=Park |title=Vulnerability Management |date=2009 |publisher=Auerbach Publications |isbn=978-1-4398-0150-5 |publication-place=Boca Raton, Fla. |page=1}}</ref> especially in software and [[firmware]]. Vulnerability management is integral to computer security and [[network security]].

Vulnerabilities can be discovered with a [[vulnerability scanner]], which analyzes a computer system in search of known vulnerabilities,<ref>{{Cite book |last=Johnson |first=A. |url=https://books.google.com/books?id=FxRbDwAAQBAJ&q=Vulnerabilities+can+be+discovered+with+a+vulnerability+scanner,+which+analyzes+a+computer+system+in+search+of+known+vulnerabilities&pg=SA5-PA83 |title=CCNA Cybersecurity Operations Companion Guide |date=2018 |publisher=Cisco Press |isbn=978-0-13-516624-6 |language=en}}</ref> such as [[open port]]s, insecure software configuration, and susceptibility to [[malware]].  In order for these tools to be effective, they must be kept up to date with every new update the vendor release.  Typically, these updates will scan for the new vulnerabilities that were introduced recently.

Beyond vulnerability scanning, many organizations contract outside security auditors to run regular [[penetration test]]s against their systems to identify vulnerabilities. In some sectors, this is a contractual requirement.<ref>{{cite book |last1=Calder |first1=Alan |title=PCI DSS: A Pocket Guide |last2=Williams |first2=Geraint |publisher=IT Governance Limited |year=2014 |isbn=978-1-84928-554-4 |edition=3rd |quote=network vulnerability scans at least quarterly and after any significant change in the network}}</ref>