Enterprise Security Infrastructure Controls and Regulatory Compliance

DRAFT VULNERABILITY SCANNING STANDARD

Investigate Nessus or similar Scanning tool.

Standards are technology specific

Each standard must include the following:

$1.$ Brief description of the tool

$1\mathrm{.}1.$ At a high level $($paragraph$),$ what does this technology do and how you are going to use it$?$

$2.$ Implementation

$2\mathrm{.}1.$ How will you implement it$,$ what are the systems you will scan?

$2\mathrm{.}2.$ What system$($s$)$ is it applied to $($Scope$)$

$3.$ How will you categorize vulnerabilities?

$4.$ What are the rules on how long to fix vulnerabilities?

$5.$ What are the exceptions rules and approvals if you cannot fix an issue $$ for example say you

have a system that only runs on Windows XP how do you handle that or other exceptions