RyanBerghorst
Viewer II

Driving Remediation: Best Practices for Getting Stakeholders to Act on Vulnerabilities

In my role as an EDR administrator, my team would partner closely with business teams for vulnerability management. When stakeholders have competing challenges, deadlines, etc… how can we ensure remediation isn’t put to the side?


I wanted to share some best practices based on various CISA, NCSC, ISACA, OWASP, BitSight and LogicGate guidance and also what I have found effective.


#1 – Carrot, not the stick

Focus on encouragement and recognition for when teams make progress with vulnerability remediations. Refrain from shaming and disengaging teams that fall behind.


#2 – Use a leaderboard

A leaderboard is a great way to drive healthy competition. Present a percentage of the top performers to prevent punishing those at the bottom.


Each team’s score can be calculated based on the number of remediated vulnerabilities in the last cycle, with weighting based on the severity rating. Divide by the number of assets for comparable scores across teams.


Graphs based on total vulnerabilities will spike on Patch Tuesdays, making it harder to demonstrate effort.


#3 – Create remediation timelines

Identify and communicate the maximum timeframe a vulnerability of each severity level can remain open for. Ensure stakeholder agreement is obtained for accountability.


#4 – Start small

When launching a new vulnerability management process, avoid tasking stakeholders with inordinate volumes of vulnerabilities to remediate. Prioritise remediation of critical vulnerabilities on the most critical assets. This prevents inundating stakeholders.


#5 – Create your vulnerability management strategy in collaboration with your stakeholders

Stakeholders are likely to be more engaged in remediations if they also participated in creating the strategy.


#6 – Ensure stakeholders evaluate the risks against their assets

Stakeholders should be encouraged to consider potential disruption scenarios and their likelihoods to help demonstrate the purpose.


#7 – Focus on the solution

Reports focused on the number of vulnerabilities per criticality only support measuring the scale of the problem.


Reports that detail each remediation and the number of vulnerabilities it can fix shift the focus to the value of their effort.


#8 – Utilise threat intelligence

Utilise threat intelligence to support measuring the risk of vulnerabilities. This can allow risk-based discussions with stakeholders, supporting engagement.


It can also provide recent news, give real-world context and capture attention.


Caution: Threat intelligence should support actioning remedial activity of already prioritised vulnerabilities. Don’t let threat intelligence sway your prioritisation of vulnerabilities to remediate.


#9 – Simulation-based upskilling

Run simulation-based training sessions to demonstrate potential impacts of vulnerabilities.


#10 – Use a RACI matrix

For any vulnerability remediation work undertaken, ensure assignment of responsible, accountable, consulted, and informed stakeholders.


Hope this is useful,

Ryan Berghorst

1 Reply
akkem
Contributor III

That’s a really well-thought-out set of practices: practical, balanced, and clearly rooted in the real world. Thank you!