|
Computer Vulnerability Scanning Policy
Good system security must be developed in conjunction with regular feedback on its effectiveness. One form of feedback can be produced using network-based security scanning tools. Regular scanning of computers attached to the network, to look for security vulnerabilities, is a best practice for managing a dynamic computing environment.
Scope:
Any equipment attached to the GLCC network is subject to security vulnerability scans. In today’s changing environment, vulnerable and/or unprotected systems can easily be overlooked. Systems that are not properly managed can become a potential threat to the health and well-being of our systems and network.
Proactive security scanning allows for a meaningful assessment of system security against known risks, provides a roadmap of effective countermeasures for improving security, and also provides a simple quantification of assets. Proactive scanning can also lead to faster detection of, and perhaps fewer damages to, breached systems.
Reactive security scanning allows for threat quantification and assessment, accelerated damage control, and an assessment of systems against reasonable control measures during the repair/rebuild process.
Policy Statement:
The policy provides for multiple levels of scanning services.
- Group – Groups of systems or departments identified as critical and/or a particular risk to the smooth functioning of the College will be subject to frequent, in-depth security scans. Any department can join the group policy upon request.
- Individual – Before a new system is put into service, it is recommended that a network security scan be conducted for the purposes of identifying known vulnerabilities. Scans may be requested by system administrators at any time, as frequently as necessary to maintain confidence in the security protections being employed. Any system identified in conjunction with a security incident, as well as any system undergoing a financial audit may be subject to a network security scan.
|
