Previous
Sample Vulnerability Assessment
Policy Template
Learn how PurpleSec’s experts can help develop your organization’s cyber security policies.
Author: Rich Selvidge, CISSP / Last Updated: 5/23/22
Reviewed By: Michael Swanagan, CISSP, CISA, CISM
View Our: Editorial Process
Overview
Vulnerability assessments, at {COMPANY-NAME}, are necessary to manage the increasing number of threats, risks, and responsibilities.
Vulnerabilities are not only internal and external but there are also additional responsibilities and costs associated with ensuring compliance with laws and rules, while retaining business continuity and safety of {COMPANY-NAME} and member data.
Read More: How To Perform Vulnerability Assessment For Network Security
Download Template
Purpose
The purpose of this policy is to establish standards for periodic vulnerability assessments. This policy reflects {COMPANY-NAME}’s commitment to identify and implement security controls, which will keep risks to information system resources at reasonable and appropriate levels.
This policy covers all computer and communication devices owned or operated by {COMPANY-NAME}. This policy also covers any computer and communications device that is present on {COMPANY-NAME} premises, but which may not be owned or operated by {COMPANY-NAME}. Denial of Service testing or activities will not be performed.
Policy Detail
The operating system or environment for all information system resources must undergo a regular vulnerability assessment. This standard will empower the IT Department to perform periodic security risk assessments for determining the area of vulnerabilities and to initiate appropriate remediation. All employees are expected to cooperate fully with any risk assessment.
Vulnerabilities to the operating system or environment for information system resources must be identified and corrected to minimize the risks associated with them.
Audits may be conducted to:
- Ensure integrity, confidentiality, and availability of information and resources
- Investigate possible security incidents and to ensure conformance to {COMPANY-NAME}’s security policies
- Monitor user or system activity where appropriate
To ensure these vulnerabilities are adequately addressed, the operating system or environment for all information system resources must undergo an authenticated vulnerability assessment.
The frequency of these vulnerability assessments will be dependent on the operating system or environment, the information system resource classification, and the data classification of the data associated with the information system resource.
Retesting will be performed to ensure the vulnerabilities have been corrected. An authenticated scan will be performed by either a Third-Party vendor or using an in-house product.
All data collected and/or used as part of the Vulnerability Assessment Process and related procedures will be formally documented and securely maintained.
IT leadership will make vulnerability scan reports and on-going correction or mitigation progress to senior management for consideration and reporting to the Board of Directors.
Security Policies
- Comprehensive Policy
- Network Security
- Data Security
- Penetration Testing
- Acceptable Use
- Account Management
- Anti-Virus
- Owned Mobile Device
- Clean Desk
- E-commerce
- Firewall
- Hardware & Media Disposal
- Incident Management
- IT Purchasing
- Internet Usage
- Log Management
- Safeguard Member Info
- Network Security
- Bring Your Own Device
- Password Security
- Patch Management
- Physical Access Control
- Social Media Use
- System Monitoring
- Vulnerability Assessment
- Website Operation
- Workstation Configuration
- Server Virtualization
- Wireless Connectivity
- Telecommuting
- Internet Of Things
- View All Templates
Security Resources
Popular Articles
