Implementing Vulnerability Scanning in a Large Organisation

Vulnerability scanning in itself is now very much a 'point and click' affair. Scans are available freely on the web [1] and the majority of tools are provided with a graphical interface. However implementing vulnerability scanning within a large organization is about much more that installing the software and running it. This paper describes how our security group now uses vulnerability scanning to demonstrably improve the security posture of our organization.