ABSTRACT
This chapter explores vulnerability management (VM) at a very high level in the organization where business strategy and technology strategy are considered in more abstract terms. It describes VM as it guides business and technology strategy. The chapter discusses how VM, in the risk mitigation role, finds emerging vulnerabilities in existing strategies. The conditions in the information technology (IT) operating environment are a critical factor in the structure and conduct of the VM process. There are two components to the IT environment, the internal area and the external one. The internal area includes all aspects of the business and related technology operations. The external business area presents factors outside of the business IT activities that affect operations and security posture. A mitigation plan has been turned into a competitive advantage. It was not deployed until there was a competitive threat because the support costs were higher and profit margins lower.
