Vulnerability Naming Schemes Help IT Manage, Minimize System Weaknesses

John Storts

When it comes to IT system weak spots, having a standard set of names to identify them can mean the difference between a quick, coordinated remediation and a disorganized, time-consuming work stoppage.


A vulnerability naming scheme gives standardized, "friendly" names to common IT system weaknesses, such as "security configuration issue" or "operating system software flaw," so that an organization's system security management tools (vulnerability and patch management software, vulnerability assessment tools, anti-virus software and intrusion detection systems) all refer to the same weakness by the same name and can therefore interoperate. Interoperability among these tools lessens the risk of delays and inconsistencies in vulnerability assessment, reporting, decision-making and remediation.


The National Institute of Standards and Technology has provided a guide to two common types of vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE), and Common Configuration Enumeration (CCE). Use the recommendations and information in this guide to implement a naming scheme in your organization so you can quickly and consistently identify system weaknesses and hunt down remediation information should a problem arise.
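The interoperability point above is easiest to see in practice when findings from several tools are joined on their CVE and CCE names. The following is an added example, not code from this post or from NIST: it canonicalizes identifiers as different tools tend to emit them (varying case, spaces or underscores instead of hyphens), rejects malformed ones, and merges constructed sample reports into one view keyed by identifier. The regexes, the tool names and the placeholder identifiers are assumptions made for the example.

```python
import re
from collections import defaultdict

# Identifier syntax assumed for this example (regexes written here, not taken
# from the NIST guide):
#   CVE: "CVE-" + 4-digit year + "-" + 4 or more digits   (CVE-YYYY-NNNN...)
#   CCE: "CCE-" + 5 digits + "-" + 1 check digit          (CCE-NNNNN-N)
# The CCE check digit is not verified here.
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
CCE_RE = re.compile(r"^CCE-(\d{5})-(\d)$")

def normalize_id(raw):
    """Return the canonical CVE/CCE form of `raw`, or None if it is malformed.

    Tolerates lower case, surrounding whitespace, and spaces or underscores
    used in place of hyphens, which is how different tools often write the
    same name.
    """
    s = re.sub(r"[\s_]+", "-", raw.strip().upper())
    s = re.sub(r"-{2,}", "-", s)
    if CVE_RE.match(s) or CCE_RE.match(s):
        return s
    return None

def correlate(reports):
    """Merge per-tool findings into one view keyed by canonical identifier.

    `reports` maps a tool name to the raw identifiers it reported.
    Returns (merged, rejected): merged[id] is the sorted list of tools that
    reported id; rejected lists (tool, raw) pairs that could not be parsed.
    """
    merged = defaultdict(set)
    rejected = []
    for tool, ids in reports.items():
        for raw in ids:
            canon = normalize_id(raw)
            if canon is None:
                rejected.append((tool, raw))
            else:
                merged[canon].add(tool)
    return {k: sorted(v) for k, v in merged.items()}, rejected

# Constructed sample output from three hypothetical tools; the identifiers
# are placeholders, not real CVE or CCE entries.
SAMPLE_REPORTS = {
    "scanner":      ["cve-9999-0001", "CCE 99999-9", "CVE-9999-0002"],
    "patch_mgmt":   ["CVE-9999-0001", "cve_9999_0002"],
    "config_audit": ["cce-99999-9", "CVE-9999-12"],  # last entry is malformed
}

if __name__ == "__main__":
    merged, rejected = correlate(SAMPLE_REPORTS)
    for ident, tools in sorted(merged.items()):
        print(ident, "reported by", ", ".join(tools))
    print("rejected:", rejected)
```

Anything that lands in `rejected` is a tool emitting a non-standard name, which is exactly the inconsistency the naming scheme is meant to remove.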

