Organisational mails

Applications that communicate to end-users do so from an organisational domain and organisational email account.

Penetration Testing

Before go-live of new IT services, and after major updates and changes, a penetration test of the information security needs to be performed by a trusted security party. For externally...

Automated Vulnerability Scanning

Network connected IT systems are subjected to automatic vulnerability scanning at least once per month. Scanning occurs authenticated where possible.

Vulnerability Registration and Resolution

A system owner is responsible for maintaining a list of known vulnerabilities on the system, including the associated risk, when the vulnerability was reported, what action resolution was taken and...

Service Hardening

Services run under their own account with minimal necessary privileges . Only necessary services run on production servers, and are only accessible to necessary interfaces using Host-based Firewalls. All services...

Unintended Information Disclosure

Applications and services are configured to not display information that is unnecessary. Functionality is designed and configured to prevent enumeration of information.