
Policies on periodic vulnerability scanning

Do you have any reference material on security policy that covers pre-release and ongoing periodic scanning of PCs, laptops, servers and Web servers to ensure that the base platform is as secure as it can be and that the host has been checked for common known exposures?

Like any other security policy, a policy on ongoing vulnerability scanning needs to be practical, enforceable and enforced. Keep in mind that vulnerability scans are merely snapshot-in-time views of your current vulnerabilities. Information systems are dynamic, and new vulnerabilities and flaws are discovered practically every day. Given this, make sure that vulnerability scanning is performed on an ongoing basis -- weekly, monthly, quarterly, bi-yearly, etc., depending on your number of users and the complexity of your information systems infrastructure.

A good place to start regarding a policy such as this would be the following SANS sample policies:

Also, section two on security policies in the RFC2196 Site Security Handbook provides some excellent guidelines. See the following URL for more info: http://www.ietf.org/rfc/rfc2196.txt?Number=2196


This was last published in February 2003
