The more apps companies deploy, the more complicated vulnerability management becomes. In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through. That's especially true if you're an IT administrator juggling several tasks of which security is one.

Security practitioners can't catch everything. But by breaking vulnerability management down to the basic parts, it may be possible to mount a more effective defense. CSO attended SANS Boston 2010 last month in search of those basics. What follows is the first of a three-part series on vulnerability management, based on a training session taught by SANS Institute President Stephen Northcutt called "SANS Security Leadership Essentials for Managers with Knowledge Compression."

Before getting into all the vulnerability management tools and techniques, which we'll cover in the next two articles, we begin by getting to the bottom of what vulnerability management is.

The link for this article located at CSO Online is no longer available.