
Process Setup for Vulnerability Scanning and Remediation service

Question asked by Masterchef chetu on Jun 10, 2015
Latest reply on Jun 12, 2015 by Robert Dell'Immagine

Hi Friends,

 

I am completely new to this group and recently got to know about this Qualys tool. I was initially working for Service Management as a Change and Release Manager but recently got promoted in Security Services as a Project Manager. Company will deploy three (3) virtual scanner appliances and these appliances will be used by the centralized cloud-based. As a project manager, my company SOC team will run a scan and the scan report will be validated by the Security officer and then the report will be sent based on the severity. There are more than 10000 IPs and I will have to keep track of open incidents in the Qualys tool and provide a summary report for the client to review. Re-scan will be performed to identify and report against the remediation achieved in the client's environment.

Resolver team would be from the client side; we are doing the scan through the Qualys tool through virtual scanner and appliance on the client side. We will have to open the ticket and change request in the client service management tool. Reports the client is asking for: Vulnerability Scan quarterly, High level technical report, Enterprise executive summary report and Remediation Progress weekly to provide status updates that were closed in a timely manner with the client where the remediation was not performed.

Note: we have agreed on two follow-ups during that quarter with the client resolver group; if it is not performed by the resolver group from the client side then we have the authority to close the ticket as per the agreement. As of now, we have not gone live but need some input from you guys on the best practices for vulnerability management for the client.

What are the important steps which will help to achieve those targets? What number of calls and meetings should be set up? When exactly should the scanning be performed in each quarter along with the remediation? Can anyone help me understand what the best practices are, and what questionnaires I should prepare to ask the client security director? Since it's a completely new domain for me, what proactive measures should I take to achieve my targets? I would be more than glad if someone sends me a sample SOP document.

Note: We agreed on quarterly scan and remediation.

 

Severity Type | Action | --t
Critical | Notify Client remediation group within five (5) Business Days from the scan finish date. | >= 98%
High | Notify Client remediation group within ten (10) Business Days from the scan finish date. | >= 98%
Medium | Notify Client's remediation group within fifteen (15) Business Days from the scan finish date. | >= 98%
