Skip navigation
2011 Views 3 Replies Latest reply: Jun 15, 2012 3:20 AM by David Moule RSS
David Moule Level 1 19 posts since
Nov 15, 2010
Currently Being Moderated

May 28, 2012 7:57 AM

Vulnerability Mgt "policy"

We are trying to wordsmith a document that sets out in simple terms what we do and don't scan. I confess I thought this would be relatively easy but this has not been the case!

 

As you have deduced from the above we do not scan everything on our network and its actually more for this reason that I need to flush out some sort of list. I'm hoping that the once I have the list of what we don't scan, I can then clarify the reasons why we don't.

 

I was wondering if anybody out there in the community has tried to do something similar or even suceeded, and would be willing to share their policy in some form or provide hints as to its structure and level of detail that it goes to.

 

Maybe we could even try collaboratively developing a template !

 

Thanks in advance

  • Robert Dell'Immagine Level 4 251 posts since
    Apr 26, 2010
    Currently Being Moderated
    May 31, 2012 1:39 PM (in response to David Moule)
    Vulnerability Mgt "policy"

    Moving to VM area for better visibility.    - Robert (Community Admin)

  • Hywel Mallett Level 1 5 posts since
    Apr 26, 2012
    Currently Being Moderated
    Jun 8, 2012 12:49 PM (in response to David Moule)
    Vulnerability Mgt "policy"

    We do VM for PCI-DSS compliance, and we scan everything that are in the network segments that are in scope for PCI-DSS.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 6 points