{"id":1189,"date":"2025-03-23T14:35:04","date_gmt":"2025-03-23T13:35:04","guid":{"rendered":"https:\/\/buchholz-software.de\/?page_id=1189"},"modified":"2025-03-23T15:20:59","modified_gmt":"2025-03-23T14:20:59","slug":"vulnerability-management","status":"publish","type":"page","link":"https:\/\/buchholz-software.de\/en\/schwachstellenmanagement\/","title":{"rendered":"Vulnerability management"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"1189\" class=\"elementor elementor-1189\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-447bec4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"447bec4\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-58 elementor-top-column elementor-element elementor-element-9bf8b07\" data-id=\"9bf8b07\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ba94d5a elementor-widget elementor-widget-text-editor\" data-id=\"ba94d5a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<span class=\"anyva-eyebrow\">Vulnerability Management \u00b7 NIS-2<\/span>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b846857 elementor-widget elementor-widget-heading\" data-id=\"b846857\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Identifying, assessing, and remediating technical vulnerabilities in a GRC context<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-80d7f01 elementor-widget elementor-widget-text-editor\" data-id=\"80d7f01\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"color:rgba(255,255,255,0.75);font-size:1.05rem;max-width:520px\">ANYVA links CVEs and vulnerabilities directly to affected assets, processes, and data protection risks \u2013 so that vulnerabilities are not treated in isolation, but their impact on the entire organisation becomes visible.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b79279 elementor-widget elementor-widget-text-editor\" data-id=\"6b79279\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"display:flex;flex-wrap:wrap;gap:12px;margin-top:8px\">\n<a href=\"https:\/\/buchholz-software.de\/en\/contact-us\/\" style=\"background:#1A4B8C;color:#fff;padding:11px 22px;border-radius:6px;font-weight:600;font-size:0.875rem;text-decoration:none;display:inline-block\">Arrange a demo<\/a>\n<a href=\"https:\/\/buchholz-software.de\/en\/anyva-grc\/\" style=\"background:rgba(255,255,255,0.07);color:rgba(255,255,255,0.85);padding:11px 22px;border-radius:6px;font-weight:600;font-size:0.875rem;text-decoration:none;display:inline-block;border:1px solid rgba(255,255,255,0.14)\">View all modules<\/a>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-42 elementor-top-column elementor-element elementor-element-f4e0c58\" data-id=\"f4e0c58\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c2df2f8 elementor-widget elementor-widget-text-editor\" data-id=\"c2df2f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"background:rgba(255,255,255,0.05);border:1px solid rgba(255,255,255,0.1);border-radius:12px;padding:24px\">\n<p style=\"color:#0EA5E9;font-size:0.72rem;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;margin-bottom:14px\">Scope of functionality<\/p>\n<ul style=\"list-style:none;padding:0;margin:0\"><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>CVE Evaluation &amp; Asset Linking<\/li><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>Automatic risk assessment<\/li><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>Impact on data protection risks visible<\/li><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>Action Tracking (PDCA)<\/li><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>Effectiveness check<\/li><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>Audit Trail for Proof<\/li><li style=\"padding:7px 0;border-bottom:1px solid rgba(255,255,255,0.07);color:rgba(255,255,255,0.82);font-size:0.875rem\"><span style=\"color:#10B981;margin-right:8px\">\u2713<\/span>NIS-2 \/ ISO 27001 Documentation<\/li><\/ul><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d2b9cc9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d2b9cc9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b735083\" data-id=\"b735083\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6699907 elementor-widget elementor-widget-text-editor\" data-id=\"6699907\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<span class=\"anyva-eyebrow\">The problem with siloed vulnerability management<\/span>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cf0ebc1 elementor-widget elementor-widget-heading\" data-id=\"cf0ebc1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why CVEs should not be viewed in isolation<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5456f21 elementor-widget elementor-widget-text-editor\" data-id=\"5456f21\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"color:#64748B;max-width:640px\">Technical vulnerabilities are often managed in separate scan tools without any connection to data privacy, risk management or ISMS. The actual impact of a vulnerability on processes, personal data and compliance therefore remains invisible.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-9171c6e\" data-id=\"9171c6e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-01f9c39 elementor-widget elementor-widget-text-editor\" data-id=\"01f9c39\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"background:#fff;border:1px solid #E2E8F0;border-radius:12px;padding:22px;box-shadow:0 1px 3px rgba(0,0,0,0.05);height:100%\"><div style=\"font-size:1.3rem;margin-bottom:8px\">\u26a0\ufe0f<\/div><strong style=\"color:#0A1628;display:block;margin-bottom:6px;font-size:0.9rem\">Vulnerabilities affect processes<\/strong><p style=\"color:#64748B;font-size:0.84rem;line-height:1.6;margin:0\">In ANYVA, assets are linked to business processes. A new CVE automatically triggers a reassessment of the affected processes, risks, and data protection impact assessments.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-327a109\" data-id=\"327a109\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1e04d3d elementor-widget elementor-widget-text-editor\" data-id=\"1e04d3d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"background:#fff;border:1px solid #E2E8F0;border-radius:12px;padding:22px;box-shadow:0 1px 3px rgba(0,0,0,0.05);height:100%\"><div style=\"font-size:1.3rem;margin-bottom:8px\">\ud83d\udd17<\/div><strong style=\"color:#0A1628;display:block;margin-bottom:6px;font-size:0.9rem\">Connection to data protection risks<\/strong><p style=\"color:#64748B;font-size:0.84rem;line-height:1.6;margin:0\">Vulnerabilities in systems that process personal data have a direct impact on data protection risks. ANYVA makes this connection visible and documents it.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-2ff6315\" data-id=\"2ff6315\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-acb6e28 elementor-widget elementor-widget-text-editor\" data-id=\"acb6e28\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"background:#fff;border:1px solid #E2E8F0;border-radius:12px;padding:22px;box-shadow:0 1px 3px rgba(0,0,0,0.05);height:100%\"><div style=\"font-size:1.3rem;margin-bottom:8px\">\u2705<\/div><strong style=\"color:#0A1628;display:block;margin-bottom:6px;font-size:0.9rem\">Detectable processing<\/strong><p style=\"color:#64748B;font-size:0.84rem;line-height:1.6;margin:0\">Every vulnerability is documented with the person responsible, deadline, action, and effectiveness check. The PDCA cycle ensures that processing is completed transparently.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c23bdc2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c23bdc2\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-55 elementor-top-column elementor-element elementor-element-6aa5a33\" data-id=\"6aa5a33\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-af6f5fe elementor-widget elementor-widget-text-editor\" data-id=\"af6f5fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<span class=\"anyva-eyebrow\">Integration into the GRC system<\/span>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f35e31 elementor-widget elementor-widget-heading\" data-id=\"2f35e31\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerability management as part of the overall system<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f6d2b1 elementor-widget elementor-widget-text-editor\" data-id=\"2f6d2b1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"color:#64748B\">In ANYVA, vulnerability management is not a separate module but part of the integrated GRC system.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-146b8a7 elementor-widget elementor-widget-text-editor\" data-id=\"146b8a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"background:#F8FAFC;border-radius:12px;padding:24px;border:1px solid #E2E8F0\"><p style=\"font-weight:700;color:#0A1628;margin-bottom:12px;font-size:0.9rem\">What this means in practice:<\/p><ul style=\"list-style:none;padding:0;margin:0\"><li style=\"padding:8px 0;border-bottom:1px solid #E2E8F0;font-size:0.875rem;color:#374151;display:flex;gap:8px\"><span style=\"color:#1A4B8C;flex-shrink:0\">\u2192<\/span>A new vulnerability affects all linked risks and processes<\/li><li style=\"padding:8px 0;border-bottom:1px solid #E2E8F0;font-size:0.875rem;color:#374151;display:flex;gap:8px\"><span style=\"color:#1A4B8C;flex-shrink:0\">\u2192<\/span>Affected VVT and DSFA will be automatically flagged<\/li><li style=\"padding:8px 0;border-bottom:1px solid #E2E8F0;font-size:0.875rem;color:#374151;display:flex;gap:8px\"><span style=\"color:#1A4B8C;flex-shrink:0\">\u2192<\/span>Measures are being implemented simultaneously in the ISMS and DSMS.<\/li><li style=\"padding:8px 0;border-bottom:1px solid #E2E8F0;font-size:0.875rem;color:#374151;display:flex;gap:8px\"><span style=\"color:#1A4B8C;flex-shrink:0\">\u2192<\/span>Proof of a single audit trail for all disciplines<\/li><\/ul><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-45 elementor-top-column elementor-element elementor-element-e874348\" data-id=\"e874348\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-151eef2 elementor-widget elementor-widget-text-editor\" data-id=\"151eef2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<span class=\"anyva-eyebrow\">Relevant Standards<\/span>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e74094d elementor-widget elementor-widget-text-editor\" data-id=\"e74094d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"display:flex;flex-direction:column;gap:10px;margin-top:8px\">\n<div style=\"padding:14px 16px;background:#F8FAFC;border:1px solid #E2E8F0;border-radius:10px\">\n  <strong style=\"color:#0A1628;font-size:0.875rem\">NIS-2<\/strong>\n  <p style=\"color:#64748B;font-size:0.8rem;margin:4px 0 0\">NIS-2 requires vulnerability management as part of risk management for essential and important entities.<\/p>\n<\/div>\n<div style=\"padding:14px 16px;background:#F8FAFC;border:1px solid #E2E8F0;border-radius:10px\">\n  <strong style=\"color:#0A1628;font-size:0.875rem\">ISO 27001 Annex A<\/strong>\n  <p style=\"color:#64748B;font-size:0.8rem;margin:4px 0 0\">Capture and address technical vulnerabilities as threats within the ISMS in a structured manner \u2013 with proof of effectiveness.<\/p>\n<\/div>\n<div style=\"padding:14px 16px;background:#F8FAFC;border:1px solid #E2E8F0;border-radius:10px\">\n  <strong style=\"color:#0A1628;font-size:0.875rem\">GDPR<\/strong>\n  <p style=\"color:#64748B;font-size:0.8rem;margin:4px 0 0\">Vulnerabilities in data processing systems influence data protection risks and can trigger reporting obligations.<\/p>\n<\/div>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-vuln_comp_sec elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"vuln_comp_sec\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-vuln_comp_col\" data-id=\"vuln_comp_col\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-vuln_comp_w elementor-widget elementor-widget-text-editor\" data-id=\"vuln_comp_w\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"anyva-eyebrow\">Operative Wirkung<\/p>\n<h2>Technische Schwachstellen wirken direkt auf Compliance zur\u00fcck<\/h2>\n<p style=\"color:#64748B;font-size:1rem;max-width:700px;margin-bottom:0\">In klassischen Tools bleibt Schwachstellenmanagement eine IT-Disziplin. In ANYVA ist jede Schwachstelle direkt mit Prozessen, Datenschutzrisiken und Ma\u00dfnahmen verkn\u00fcpft.<\/p>\n<div class=\"anyva-arch-compare\" style=\"margin-top:2rem\">\n<div class=\"anyva-arch-side anyva-arch-side--classic\">\n<div class=\"anyva-arch-label\">Klassisches Vorgehen<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#DC2626;font-weight:700\">\u2717<\/span>CVE-Scanner: IT-Sicht, kein Datenschutzbezug<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#DC2626;font-weight:700\">\u2717<\/span>Risikobewertung getrennt vom Schwachstellen-Tool<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#DC2626;font-weight:700\">\u2717<\/span>DSFA und IT-Risiken nicht verbunden<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#DC2626;font-weight:700\">\u2717<\/span>Manueller Abgleich mit Compliance n\u00f6tig<\/div>\n<div class=\"anyva-arch-alert\">\u26a0 L\u00fccken zwischen IT-Betrieb und Compliance bleiben unentdeckt<\/div>\n<\/div>\n<div class=\"anyva-arch-side anyva-arch-side--anyva\">\n<div class=\"anyva-arch-label\">ANYVA<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#10B981;font-weight:700\">\u2713<\/span>CVE dem technischen Service zugeordnet<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#10B981;font-weight:700\">\u2713<\/span>Betroffener Prozess automatisch identifiziert<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#10B981;font-weight:700\">\u2713<\/span>DSGVO-Risiko wird automatisch bewertet<\/div>\n<div class=\"anyva-arch-box\"><span style=\"color:#10B981;font-weight:700\">\u2713<\/span>Ma\u00dfnahme mit PDCA-Logik abgeleitet<\/div>\n<div class=\"anyva-arch-alert\">\u2713 IT-Betrieb und Compliance sind verbunden \u2013 keine blinden Flecken<\/div>\n<\/div>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-vuln_scen_sec elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"vuln_scen_sec\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-vuln_scen_col\" data-id=\"vuln_scen_col\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-vuln_scen_w elementor-widget elementor-widget-text-editor\" data-id=\"vuln_scen_w\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"anyva-eyebrow\">Praxisszenario<\/p>\n<h2>Was passiert, wenn eine kritische Schwachstelle entdeckt wird?<\/h2>\n<p style=\"color:#64748B;font-size:1rem;max-width:700px;margin-bottom:1.5rem\">Ein CVE in einem produktiven System \u2013 und wie ANYVA die vollst\u00e4ndige Compliance-Wirkung sichtbar macht.<\/p>\n<div class=\"anyva-flow anyva-flow--light\">\n<div class=\"anyva-flow-step\">\n<div class=\"anyva-flow-icon\">\ud83d\udd0d<\/div>\n<div class=\"anyva-flow-title\">CVE reported<\/div>\n<div class=\"anyva-flow-desc\">Neue Sicherheitsl\u00fccke in einem technischen Service erfasst<\/div>\n<\/div>\n<div class=\"anyva-flow-step\">\n<div class=\"anyva-flow-icon\">Desktop computer<\/div>\n<div class=\"anyva-flow-title\">Asset zugeordnet<\/div>\n<div class=\"anyva-flow-desc\">Betroffene Systeme und deren Prozessbezug automatisch identifiziert<\/div>\n<\/div>\n<div class=\"anyva-flow-step\">\n<div class=\"anyva-flow-icon\">\u26a0\ufe0f<\/div>\n<div class=\"anyva-flow-title\">Risk updated<\/div>\n<div class=\"anyva-flow-desc\">IT-Risiko und DSGVO-Risiko gleichzeitig neu bewertet<\/div>\n<\/div>\n<div class=\"anyva-flow-step\">\n<div class=\"anyva-flow-icon\">Shield<\/div>\n<div class=\"anyva-flow-title\">Measure derived<\/div>\n<div class=\"anyva-flow-desc\">TOM oder Korrekturma\u00dfnahme mit PDCA-Logik dokumentiert<\/div>\n<\/div>\n<div class=\"anyva-flow-step\">\n<div class=\"anyva-flow-icon\">\ud83d\udccb<\/div>\n<div class=\"anyva-flow-title\">Nachweis l\u00fcckenlos<\/div>\n<div class=\"anyva-flow-desc\">Vollst\u00e4ndiger Audit-Trail: Entdeckung, Bewertung, Ma\u00dfnahme, Wirksamkeit<\/div>\n<\/div>\n<\/div>\n<p style=\"color:#64748B;font-size:0.875rem;margin-top:1.25rem;max-width:680px\">Ohne ANYVA: CVE in Scanner-Tool, DSGVO-Auswirkung unbekannt, manuelle Meldepflichtenpr\u00fcfung. Mit ANYVA: Ein System, vollst\u00e4ndige Sichtbarkeit.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cdf1ba4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cdf1ba4\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-816527b\" data-id=\"816527b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c2efa37 elementor-widget elementor-widget-heading\" data-id=\"c2efa37\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerability management in the GRC context<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ca0c8c1 elementor-widget elementor-widget-text-editor\" data-id=\"ca0c8c1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align:center;color:rgba(255,255,255,0.7);max-width:500px;margin:0 auto 20px;font-size:0.95rem\">In a demo, we show how ANYVA connects vulnerabilities with your ISMS and DSMS.<\/p>\n<div style=\"text-align:center\">\n<a href=\"https:\/\/buchholz-software.de\/en\/contact-us\/\" style=\"background:#1A4B8C;color:#fff;padding:11px 24px;border-radius:6px;font-weight:600;font-size:0.875rem;text-decoration:none;display:inline-block;margin-right:10px\">Arrange a demo<\/a>\n<a href=\"https:\/\/buchholz-software.de\/en\/anyva-grc\/\" style=\"color:rgba(255,255,255,0.75);padding:11px 16px;border-radius:6px;font-weight:600;font-size:0.875rem;text-decoration:none;display:inline-block;border:1px solid rgba(255,255,255,0.15)\">View platform<\/a>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Schwachstellenmanagement Konzept Schwachstellenmanagement Das\u00a0 Anyva Schwachstellenmanagement ist ein integraler Bestandteil des umfassenden Datenschutz- und Sicherheitskonzepts gem\u00e4\u00df der Datenschutz-Grundverordnung (DSGVO). Es unterst\u00fctzt Sie dabei, Ihrer Pflicht zur Umsetzung geeigneter technischer und organisatorischer Ma\u00dfnahmen nachzukommen, wie sie insbesondere in Art.\u202f24, 25, 32 und 35 DSGVO gefordert werden. Gem\u00e4\u00df Art.\u202f24 DSGVO obliegt es dem Verantwortlichen, die Einhaltung der [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1189","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/pages\/1189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/comments?post=1189"}],"version-history":[{"count":7,"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/pages\/1189\/revisions"}],"predecessor-version":[{"id":1200,"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/pages\/1189\/revisions\/1200"}],"wp:attachment":[{"href":"https:\/\/buchholz-software.de\/en\/wp-json\/wp\/v2\/media?parent=1189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}