moved to long term repo

CIO/Processes/VulnerabilityManagmentNotes.md

@@ -0,0 +1,14 @@
+
+# Vulnerability management
+
+* identify total asset base (use nmap and see if it matches librenms and resolve any discrepancies)
+* perform scans of total asset base (using openvas/lynis/ossim)
+* manage vulnerability ratings/scope
+* notify/escalate to appropriate contacts
+* address the vulns
+* report metrics (i think the apps provide built in dashboards, may need some light modification)
+
+
+i think ossim can do all the above ,also lynis/openvas  (the three combined should provide complete coverage) (network scan/agent based combination)
+
+librenms is our CMDB currently  (for identifying assets/contacts). phpipam is our inventory.