Why Your Nonprofit Needs a Zero-Day Vulnerability Plan
These vulnerabilities can exist in all software, including applications (e.g., Adobe Flash and Java) and operating systems (e.g., Microsoft Windows, Mac OS X, and Linux). While the holes can be closed by applying patches and updates, many times an update or patch isn’t available when the vulnerability is discovered. Vulnerabilities in that situation are called zero-day vulnerabilities.
It may seem like there’s not much you can do if a patch or update isn’t available yet. But creating and implementing a zero-day vulnerability plan will help your nonprofit respond quickly and effectively to each new threat.
How to Create an Effective Zero-Day Vulnerability Plan
Start by determining (and documenting) the sources you will use to stay up-to-date on new vulnerability discoveries, and who will be responsible for monitoring them.
Next, outline the process that should be followed every time a new vulnerability is discovered. Record:
- Who will determine whether your organization is exposed
- The process for obtaining and applying the necessary patches, if they are available
- The process for following up to obtain and apply patches and updates that aren’t available at the time of discovery
- The process for documenting the steps taken to address each vulnerability that affects the organization
Zero-day vulnerabilities are a relatively new but very prevalent threat. And while all organizations are at risk, many don’t have a plan in place. Establishing and following a plan will help your organization minimize its risk.
Lisa is a partner at CapinTech. She uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. She is a nationally recognized speaker and author, and serves on the AICPA Cybersecurity Task Force. Lisa founded Traina & Associates in 1999 to provide IS security services to a broad range of industries. Traina & Associates joined CapinCrouse in January 2017 and is now CapinTech.