Sample Vulnerability Assessment Policy Template

The purpose of this policy is to establish standards for periodic vulnerability assessments. This policy reflects {COMPANY-NAME}’s commitment to identify and implement security controls, which will keep risks to information system resources at reasonable and appropriate levels.

This policy covers all computer and communication devices owned or operated by {COMPANY-NAME}. This policy also covers any computer and communications device that is present on {COMPANY-NAME} premises, but which may not be owned or operated by {COMPANY-NAME}. Denial of Service testing or activities will not be performed.

Overview

Vulnerability assessments, at {COMPANY-NAME}, are necessary to manage the increasing number of threats, risks, and responsibilities.

Vulnerabilities arise both internally and externally, and {COMPANY-NAME} also carries the responsibilities and costs of complying with applicable laws and regulations while maintaining business continuity and the safety of {COMPANY-NAME} and member data.

Policy Details

The operating system or environment for all information system resources must undergo a regular vulnerability assessment. This standard empowers the IT Department to perform periodic security risk assessments to identify areas of vulnerability and to initiate appropriate remediation. All employees are expected to cooperate fully with any risk assessment.

Vulnerabilities to the operating system or environment for information system resources must be identified and corrected to minimize the risks associated with them.

Audits may be conducted to:

  • Ensure integrity, confidentiality, and availability of information and resources
  • Investigate possible security incidents and ensure conformance to {COMPANY-NAME}’s security policies
  • Monitor user or system activity where appropriate

To ensure these vulnerabilities are adequately addressed, the operating system or environment for all information system resources must undergo an authenticated vulnerability assessment.

The frequency of these vulnerability assessments depends on the operating system or environment, the classification of the information system resource, and the classification of the data associated with that resource.

Retesting will be performed to confirm that identified vulnerabilities have been corrected. Authenticated scans will be performed either by a third-party vendor or using an in-house product.

All data collected and/or used as part of the Vulnerability Assessment Process and related procedures will be formally documented and securely maintained.

IT leadership will report vulnerability scan results and ongoing correction or mitigation progress to senior management for consideration and for reporting to the Board of Directors.

Article by

Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.