ABSTRACT

This chapter details the checklists, plans, strategies, and advice needed to develop a complete vulnerability management (VM) program in a large, globally distributed company. The VM program charter is a very important document that sets the goals and objectives of the program as well as the business rationale. Business value must be articulated up front in the introduction of the charter. Another part of the charter is a description of the program goals and objectives. The scope section of a document will articulate the extent of the project in terms of resources required, networks and hosts affected, locations affected physically and logically, and so on. The business case should focus on risk management practice and not on quantifying probabilities. The requirements document will align the goals, processes, and systems in the organization with the functional capabilities of the target solution. These requirements may extend beyond system specification and include the related processes that must be developed or changed.