Vulnerability Response (VR)

Adoption Journey

Outcomes & Metrics

Modernize
Transform
Innovate

Maturity Level 1: Modernize

Consumer

Phase

Capabilities

Value

Vulnerability Managers, IT Operations, CSO, CISO

Unify Response

Faster Vulnerability Response

Vulnerability Management

Reporting & Dashboards

Outcomes
  • Single system of record/action
  • Immediate Automated vulnerability assignment & prioritization
  • Immediate Improved visibility
  • Immediate Improved accountability
  • Immediate Increased productivity
  • Immediate Prioritization and focus on riskier vulnerabilities 1st (faster risk reduction)

Metrics
  • # of Vulnerabilities Ingested
  • # of Vulnerabilities remediated
  • # of Vulnerability related change reqs. completed
  • SLA metrics

Maturity Level 3: Innovate

Consumer

Phase

Capabilities

Value

Vulnerability Managers, IT Operations, CSO, CISO

Intelligent Automation

Enterprise Protection

Threat Sharing

Automated Remediation

Outcomes
  • Complete vulnerability single system of record w/ all customer used scanners
  • Complete reporting & dashboarding w/ advanced trending
  • Complete customer defined deferral / risk acceptance methodology integrated into SNOW

Metrics
  • # of unmatched assets
  • # of assets without owners
  • # of imported VIs consistent with scanner (before de-duplication)
  • Vulnerability metrics by business service and service owner
  • Vulnerability metrics on GRC dashboard

Maturity Level 2: Transform

Consumer

Phase

Capabilities

Value

Vulnerability Managers, IT Operations, CSO, CISO

Business Integration

Improved Situational Awareness

Reporting & Dashboards

Outcomes
  • All remediation actions have a coinciding change request using the existing company methodology in ServiceNow
  • Complete vulnerability assignment based on customer defined methodology w/ no gaps
  • Complete vulnerability lifecycle management
  • Maturing of CMDB w/ scanner discovered assets

Metrics
  • # of scanner identified assets
  • # of Vulnerabilities Ingested from all scanners
  • # of Vulnerabilities remediated from all scanners
  • # of Vulnerability related change reqs. completed
  • Complete SLA metrics
  • Complete visibility on VM program trending & analytics

Int. with Incident, Problem & Change

Risk & Impact Awareness

Business Prioritization
