Item #2 is your answer. Why be concerned if you don't have to be compliant?
I would also ask eEye what the report means on this specific vulnerability. In a way it may be saying just turn off optional services (as they should always be disabled).
Some ways to measure risk include:
- How valuable is the asset?
- How much of a threat exists?
- What is the impact if the system/service is exploited?
- Is the vulnerability rated high/medium/low?
- Can the risk be reduced, and how easily (technical & cost) can it be reduced?
- What is the probability of the vulnerability being exploited?
You are asking yourself:
- What are you protecting?
- What can happen to it?
- How can it happen?
- What does it mean to the business?
- How can the risk be reduced?
- How likely is it to happen given the existing conditions?
Risk assessment goal: identify & prioritize risks.
Risk management goal: manage risks to an acceptable level.
- Mitigate: select controls; implement; monitor
- Transfer: purchase insurance
- Accept: do nothing
- Avoid: discontinue activity
Last Answered:
Aug 14 2008 2:40 AM GMT by Labnuke99 
26290 pts.