
	Home > Ask the Security Experts > Questions & Answers > Policies on periodic vulnerability scanning

Ask The Security Expert: Questions & Answers

EMAIL THIS

Policies on periodic vulnerability scanning

EXPERT RESPONSE FROM: Kevin Beaver

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

QUESTION POSED ON: 05 February 2003
Do you have any reference material on security policy that covers pre-release and ongoing periodic scanning of PCs, laptops, servers and Web servers to ensure that the base platform is as secure as it can be and that the host has been checked for common known exposures?

EXPERT RESPONSE

Like any other security policy, a policy on ongoing vulnerability scanning needs to be practical, enforceable and enforced. Keep in mind that vulnerability scans are merely snapshot-in-time views of your current vulnerabilities. Information systems are dynamic, and new vulnerabilities and flaws are discovered practically every day. Given this, make sure that vulnerability scanning is performed on an ongoing basis -- weekly, monthly, quarterly, bi-yearly, etc. depending on your number of users and the complexity of your information systems infrastructure.

A good place to start regarding a policy such as this would be the following SANS sample policies:
http://www.sans.org/resources/policies/Risk_Assessment_Policy.doc
http://www.sans.org/resources/policies/Server_Security_Policy.doc
http://www.sans.org/resources/policies/Audit_Policy.doc

Also, section two on security policies in the RFC2196 Site Security Handbook provides some excellent guidelines. See the following URL for more info: http://www.ietf.org/rfc/rfc2196.txt?Number=2196

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Network assessment
Best Web Links: Risk analysis

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy