Creating a Comprehensive Vulnerability Assessment Program for a Large Company Using QualysGuard
Last updated on: September 6, 2020
Independent author Tim Proffitt wrote his thesis, as part of his GIAC certification requirements, on how large companies should implement a Vulnerability Assessment Program using QualysGuard. The white paper is hosted in the SANS Institute Reading Room and is provided by SANS as a resource to benefit the security community at large.
In this paper, Tim Proffitt provides a step-by-step guide for implementing a Vulnerability Assessment Program using QualysGuard, including background and recommendations on how to:
– Create Security Policies and Controls
– Categorize Assets
– Discover Assets
– Configure Hosts and Assets
– Configure Scan Details
– Report on Your Results
– Rank Your Risks and Remediate
– Handle Verification and False Positives
– Meet Compliance