
VULNERABILITY ASSESSMENT

Every effective security practice is built on a strong foundation of policies and procedures, and the vulnerability assessment process should be no exception. Before beginning to conduct any Vulnerability Assessment, it is important to ensure that the underlying policies relevant to the organization are in place to facilitate the process. These documents will be the principles, outlining the actions to be taken when planning and performing all aspects of the Vulnerability Assessment each and every time it is conducted.

The policies and procedures will need to include existing organizational processes, such as Change Management. This will ensure that all Vulnerability Assessment activities have gone through a review process, thereby making others in the organization aware of the purpose and scope of the planned Vulnerability Assessment. There also needs to be a mechanism to manage the resulting Vulnerability Assessment data. By building on the existing Issue Management process, it is possible to create a method to track issues and distribute the findings to the various system owners for resolution. One last example could include making use of the existing Rule of Behaviour process. This way it is possible to clearly define each individual’s roles and responsibilities in the planning, conducting and reporting of the vulnerability assessment process.

When developing any procedure, it is best practice to start from a high level and work down towards defining the specific details. These particulars may vary between organizations, but the basic high-level details will usually be the same.

Conduct Assessment

This phase consists of two main objectives: the planning and the performing of the vulnerability assessment. The planning component will include gathering all relevant information, defining the scope of activities, defining roles and responsibilities, and making others aware through the change management process. The method for performing the vulnerability assessment will include interviewing system administrators, reviewing appropriate policies and procedures relating to the systems being assessed, and of course security scanning and vetting.

Identify Exposures

This phase can include an assortment of tasks, e.g. reviewing the resulting data from the assessment phase and building it into the issue management process so that accountability for the issues is established and the exposures can be resolved. The data can also be stored and reviewed, allowing for enterprise-wide risk analysis and trending.

Address Exposures

This phase tries to resolve the exposures identified in the previous phase. Before any steps are taken to fix the problem, an investigation must be conducted to determine if the service that caused the exposure is in fact needed. If the service is needed, then the system should be upgraded, or if no upgrade exists, management must be informed of the potential risk that the system presents. If the service is not needed, then it could simply be disabled.