Home > other >  Communication & recommendation: is there a better hole full lifecycle management system (or integrat
Communication & recommendation: is there a better hole full lifecycle management system (or integrat

Time:10-02

Communication, a recommended:
Have good hole full lifecycle management system (or integrated platform)
Our thoughts and demand is this:
We IS, from the IT department administrative organization IS independent, but they also know that IT IS and never for professional work can't never points home, as IS department we need holes for the overall management of IT systems, but the work IS now in the traditional way, namely by tools, such as artificial way to detect holes, then the manual sorting and record the information, and email methods such as the issue related to the IT department, then there IS a variety of online dispute (you know), the efficiency and effect of vulnerability management IS bad, so we hope to have a platform (or) systematically, able to find security holes, verify, and record, tracking processing (distribution, repair, revalidation, closed) several key links such as the whole life cycle management, to realize the demand IS:
1, want to assets (including the host, the app, such as web system) for vulnerability scanning (itself have scan function can also, there are interface the third party to scan can scan platform, import or manually import scan data can also be);
2, can be on the platform realizes the bug tracking and coordinate with business department (although only moving state of dried saliva battle platform to pull, but how many have process rules everyone can pay attention to some), such as vulnerability distribution, repair tracking, and in the middle of the collaborative management (received no, scheduling changes, no, is good to how to change,... );
3, can from different angles the overview or scan vulnerability risk data (such as hole dimension to see the distribution of holes in different assets, or assets dimension assets risk index, managers view overall risk index, or technical personnel perspective of detailed data, etc.),

As we know, on a system (platform) to realize this is still a little difficult, but if everyone has a comprehensive solution (such as system linkage, or a set of good architecture), please also share ideas with, than what a small system (platform), how intermediate data flow, etc.,

Thank you,
  • Related