Vulnerability Assessment Best Practices – How To Be One Step Ahead of Attackers (From Identification To Budget approval)

This post was written by our founder and first appeared on LinkedIn.

The classic vulnerability assessment process doesn’t work! It’s just too slow.


By the time you’ve finished your patching and remediation, 6–12 months have passed and you are again one step behind the bad guys.


I want to show you how you can make your vulnerability assessment process work by being efficient and quick enough!

three phases of risk assessment

Phase 1: Streamline Your Processes

  • Identification
  • Analysis
  • Risk Assessment
  • Remediation

To be efficient and quick enough, use technological platforms that streamline the entire process. When the process is clear and has a defined structure and roles, it will go much quicker, without the usual delays.

At Boardish, we recommend using our business partners 360inControl® for phase 1 of the process.

Phase 2: Planning Necessary Resources

This is where many companies get it wrong: the vulnerability assessment process MUST include the resources you need to resolve the issues you find. In most cases you WILL find issues to solve, so to deliver the remediation part you must be ready with solutions as part of your methodology and process.

  • Solutions – Software & Hardware
  • Expert Costs – The people you need to deploy and maintain your solutions

Then QUANTIFY the solutions and expert costs. This is what is currently missing from a lot of processes. It’s not about a risk score; that’s no longer good enough. It’s risk quantification!

Phase 3: Taking It To Decision-makers

Once you know which solutions you need and how many human resources are required, you can take the info to your decision-makers and get it approved (and then deployed).


This is where the Boardish Methodology and algorithm do their magic: our tool quantifies the information we gather from the vulnerability assessment process into financial figures which the decision-makers can … make quick and efficient decisions with.

To sum it up:

  1. The classic way of doing vulnerability assessment does not work because it’s too slow: too much time passes from process start to completion for it to be effective and responsive to real threats.
  2. Use technological tools, proven methodologies, and frameworks to make the process clear, efficient and quick.
  3. Quantify into clear financial figures to give your decision-makers all the info they need to make quick decisions.
