We were dealing with a situation where we ran monthly vulnerability scans but hardly acted on any of the reported vulnerabilities. The fact that Nessus is not meant for dealing with situations where all vulnerabilities are not addressed in between scans was not helpful. We developed an approach where we can prioritize addressing our vulnerabilities and don’t have to re-assess them between scans. In this session we will describe our approach and the solution we developed and plan on improving.


Anna Machaj

Assoc. Director, IT Security, Douglas College