
Commit

Update vulnerability-management.md
adonm authored Nov 8, 2023
1 parent 4531bb1 commit 1af0086
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions docs/baselines/vulnerability-management.md
Expand Up @@ -4,7 +4,7 @@ This document and associated checklist is intended to be used as a high-level se

The links embedded in the checklist below are to recommended approaches that can be used for implementation, however any equivalent capability is suitable as long as the organisation is able to maintain an up to date asset database with a full inventory of **devices, resources (compute, storage, network), software and code repositories** in use.

![identify](../images/identify.png)
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/PzX8NLPaxNk?si=rNT0sT5Hj4E_3cJS" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>

## Checklist
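
Review bot: the `<iframe>` line that replaces `![identify](../images/identify.png)` carries a share parameter and a wider permission list than a documentation video needs. Drop `?si=rNT0sT5Hj4E_3cJS` from the `src`, trim `allow` to what playback requires (`accelerometer`, `gyroscope` and `clipboard-write` are not needed to watch a video), and replace the generic `title="YouTube video player"` with a description of the video, since the image it replaces had meaningful alt text. Some Markdown renderers strip raw HTML, so a plain Markdown link to the video beside the embed would keep the content reachable where the iframe is not rendered.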

Expand All @@ -19,7 +19,6 @@ The links embedded in the checklist below are to recommended approaches that can
- [ ] Ensure all excluded devices and networks are [segmented](../guidelines/further-five.md#network-segmentation) and have [network-related logs](../guidelines/further-five.md#implementation-guidance-leveraging-network-related-logs) being monitored by [security operations](security-operations.md).
- [ ] Assign all discovered assets to Maintenance Groups as outlined in [NIST Special Publication 800-40r4](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf) (Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology)
- [ ] Implement [Patch Management](../guidelines/patch-management.md) following [Assessing Security Vulnerabilities and Applying Patches](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-administration/assessing-security-vulnerabilities-and-applying-patches)
![protect](../images/protect.png)
- [ ] **internet-facing services**: within two weeks, or within 48 hours if an exploit exists
- [ ] **workstations, servers, network devices and other network-connected devices:** within one month
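
Review bot: with `![protect](../images/protect.png)` removed, the two timeframe items follow the Patch Management item directly, but as shown they sit at the same list level and read as standalone checkboxes with no verb. Indent them as sub-items of the Patch Management line so the deadlines are clearly its criteria, and make the colon placement consistent (`**internet-facing services**:` has it outside the bold, `...network-connected devices:**` inside). The commit changes only this one file, so if `../images/protect.png` and `../images/identify.png` are no longer referenced elsewhere in the docs, delete them as part of the same change.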

