Vulnerability management is at the core of every cybersecurity strategy. Vulnerabilities are present everywhere – hardware, software, firmware, configurations, supply chains and staff practices. Therefore, vulnerability management is an absolute necessity in every organization. Cybersecurity firm Tripwire posted the Five “W’s” for Vulnerability Management covering, ‘What’ is vulnerability management, ‘Why’ does every organization need a vulnerability management program, ‘When’ and ‘Where’ should organizations evaluate their environment for vulnerabilities, and  ‘Who’ should perform the evaluations. To assist utilities in determining the ‘what’ of vulnerabilities, WaterISAC regularly disseminates disclosures, bulletins, and advisories from DHS, vendors, and others. While this curated information is invaluable, each organization needs to have an internal program to further track, research, and effectively address the why, when, where, and who. Read the post at Tripwire