Vulnerability Management Assessment
by Saad Nasser

1. Use SCCM and SQL reporting tool
1.1. MS reports https://docs.microsoft.com/en-us/mem/configmgr/core/servers/manage/operations-and-maintenance-for-reporting
2. Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize > C:\Users\Lori\Documents\InstalledPrograms-PS.txt
3. Prepare a command to list all installed apps and save the output as a text file
4. MS reporting prerequisites https://docs.microsoft.com/en-us/mem/configmgr/core/servers/manage/configuring-reporting
5. Review
5.1. Interview team members
5.1.1. Harem Awad
5.1.2. EUS team manager
5.1.3. EUR EUS manager
5.1.4. AMR EUS manager
5.1.5. APAC manager
5.2. Known cases
5.2.1. F5 case 2021
5.2.2. F5 case 2020
5.2.3. Pulse secure 2020
6. Check VCM reports
6.1. Found CVEs to be checked and analyzed
6.2. Risk of using vulnerable drivers
6.3. Risk of using vulnerable BIOS
6.4. Check MITRE
7. Check more servers
7.1. Use the FW to enumerate the SWs
7.1.1. Check if it is possible to assist inventory with FWs
7.1.2. Check Host FW capability to enumerate SWs
8. SANS VMMM
8.1. Could VM road map
8.2. Workshop to assess VM roadmap
9. Enhancements
9.1. Reward good teams
9.1.1. Quarterly announcement of a fast responder to vulnerabilities.
9.1.2. Special focus on Dev. team
9.2. Saudization
9.3. Assess inventory act Sabic not mature
10. CIS standard benchmarks
10.1. MS Exchange
10.2. VMware
10.3. Databases SQL/Oracle
11. Reduce attacking surface
11.1. Use Windows core edition
11.2. Use MS Nano Servers
12. Email
12.1. Use of the Symantec Tool to scan
12.2. Benchmark Exchange config.
12.3. Quarantine not protected by MFA
12.4. Legal
12.4.1. Recall actions
12.4.2. Retention policy
12.4.3. Not supporting TFA could be a GDPR violation
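
An added example (not part of the original notes) that extends the command in item 2 to meet item 3: it reads the 64-bit and per-user Uninstall keys as well as Wow6432Node, and writes CSV so long names are not truncated the way Format-Table output is. The output path and the ComputerName and Source columns are assumptions.

```powershell
# Added example: software inventory across all three Uninstall registry views.
# Assumption: output goes to the temp folder; change $OutFile to suit.
$OutFile = Join-Path $env:TEMP 'InstalledPrograms.csv'

$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',              # 64-bit, machine-wide
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit apps on a 64-bit OS
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'               # installed for the current user only
)

$inventory = foreach ($key in $uninstallKeys) {
    # A key may be absent (for example Wow6432Node on 32-bit Windows); skip it quietly.
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |   # drop entries that have no display name
        ForEach-Object {
            [pscustomobject]@{
                ComputerName   = $env:COMPUTERNAME
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
                Publisher      = $_.Publisher
                InstallDate    = $_.InstallDate
                # Registry key the entry came from, without the provider prefix.
                Source         = $_.PSParentPath -replace '^.*::', ''
            }
        }
}

# Remove exact duplicates, then write a CSV that can be diffed or loaded into a report.
$unique = @($inventory | Sort-Object DisplayName, DisplayVersion, Source -Unique)
$unique | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

'{0} entries written to {1}' -f $unique.Count, $OutFile
```

The HKCU key only covers the account running the script, so per-user installs of other accounts on the same machine are not listed.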