Haber and Hibbert give readers a grand tour of the vulnerability management landscape in 24 chapters.
Three somewhat longer chapters are noteworthy. Chapter 2, “The Vulnerability Landscape,” contains the usual suspects, with the biggest focus on social engineering, ransomware, and insider threats. Chapter 14, “Vulnerability Management Development,” discusses the scope, tool selection, the management process, common mistakes and challenges, and building a plan. Chapter 15, “Vulnerability Management Deployment,” covers some major topics: network scanners, dealing with authentication, and many other practical considerations.
The book ends with chapters on “Making It All Work,” “Tales from the Trenches,” “Final Recommendations,” and “Conclusion.” There are also two appendices: a sample request for proposal (RFP) and an RFP spreadsheet. “Tales from the Trenches,” a series of stories from the vendor’s point of view, was a surprise; I would expect a client-side view. The sample RFP and RFP spreadsheet are also significant; I was not expecting such in an otherwise broad but shallow presentation of the topic.
The book includes nothing striking, new, or insightful. On the other hand, there are no clear oversights. It is a decent introductory tour of the vulnerability management landscape. However, don’t assume that you are good to go “touring” with just the book and its RFP and spreadsheet.