Managing vulnerabilities

Cyber threats arise from vulnerabilities in the ICT infrastructure, applications and/or in the organization of business activities. They can undermine the effective protection of company activities and of company and personal data. Ultimately, these vulnerabilities can threaten the continuity of business operations and even shut down a company. The causes of the vulnerabilities can lie in, for example, the complexity of the digital systems, the lack of “security by design”, incorrect implementation and/or insufficient testing. The causes can also lie with chain partners who supply products, applications and services to the company.

Follow the link on the website of MYOBI, CVD.

Sharing research results

A vulnerability can be noticed by an unknown researcher. If this researcher is acting in good faith, he will be happy to share the research results with the company. It is important to handle both the reporter and the report properly, to prevent the information from falling into unwanted hands before the company can fix the vulnerability.

With a Coordinated Vulnerability Disclosure (CVD) policy, a company can arrange that vulnerabilities identified outside the company are handled in a controlled manner (under your direction). The policy specifies frameworks for documenting and analyzing these vulnerabilities and for quickly resolving them by taking appropriate measures. As a result, the consequences for business operations are limited. On the website, the company states in a CVD Policy how vulnerabilities can be reported and under what conditions.

Embedding in your own organization

Before a company can go public with a CVD Statement, CVD must first be set up in its own organization. After all, promising a researcher to work according to agreements and then not fulfilling them can have the opposite effect, causing the researcher to take other paths to exploit the vulnerability.

How can we help you?

Feel free to contact us via +31 (0) 70 392 22 09 or info@duthler.nl. Make an appointment with André Biesheuvel, the CVD service owner, or a professional from his team.

Download the white paper here

Download the white paper ‘Coordinated Vulnerability Disclosure (CVD)’ here.

A company has to make choices about how it wants to organize CVD. If there is little knowledge and/or capacity available, it can be decided to outsource the process. You can also opt for partial outsourcing and supplementing your own knowledge through training.

We can support you with:

  • Supporting the preparation of a business case to explore possibilities and make informed decisions;
  • Drawing up an internal CVD policy and an external CVD policy;
  • Developing roles, tasks and powers;
  • Drawing up a procedure to handle a report properly and in a timely manner, including documentation and reporting;
  • Making agreements with experts, such as those with technical IT knowledge and legal knowledge, to be available on demand when dealing with a vulnerability;
  • Training employees to perform roles; and
  • Maintaining contact with the reporter.

Most companies use cloud service providers to support business processes with IT products and services that effectively organize business operations. For most cloud services, the company offers a range of professional controls targeting, for example, the NIST Cybersecurity Framework Core (April 2018).

MYOBI Trust Network adds to this NIST framework the management of vulnerabilities in company IT products and services identified by researchers: Coordinated Vulnerability Disclosure.

Do you have questions or need an appointment?

Feel free to contact us via +31 (0) 70 392 22 09 or info@duthler.nl. Or contact our specialists below.