Vulnerability Management
Penetration Testing
Before the go-live of new IT services, and after major updates and changes, a penetration test of the information security must be performed by a trusted security party. For externally...
Automated Application Vulnerability Scanning
The (web) application is subject to automated vulnerability scanning at least once per quarter. Scanning is performed authenticated wherever possible.
Automated Vulnerability Scanning
Network-connected IT systems are subjected to automated vulnerability scanning at least once per month. Scanning is performed authenticated where possible.
Coordinated Vulnerability Disclosure Policy
The organization has a published Coordinated Vulnerability Disclosure Policy to encourage security researchers and individuals to ethically find and report vulnerabilities.
Vulnerability Registration and Resolution
A system owner is responsible for maintaining a list of known vulnerabilities on the system, including the associated risk, when the vulnerability was reported, what resolution action was taken and...