Highline College


6.4 Vulnerability Assessment Standard

Highline College IT Security Policy. Last updated: 2024-03-25T12:20:48+00:00


6.4.1. Overview

Vulnerability management is an essential component of any information security program, and vulnerability assessment is vital to effective vulnerability management. Vulnerability assessment provides visibility into the exposure of assets deployed on the network. It consists of scanning to identify networked assets and detect potential vulnerabilities, then evaluating those findings to confirm which are real and how severe they are (scanner output includes false positives and findings whose severity depends on context, so assessment rather than scanning alone determines what must be fixed). Remediation of confirmed vulnerabilities is the other facet of vulnerability management.


6.4.2. Purpose

To authorize designated ITS personnel to perform information security vulnerability assessments in order to identify vulnerable assets and areas of exposure.


6.4.3. Scope

Vulnerability assessments may be conducted on any asset, product or service within Highline College.


6.4.4. Standard

6.4.4.1

The development, implementation and execution of the vulnerability assessment process are the responsibility of ITS under the authority of the CISO and the CIO.

6.4.4.2

Periodic or continuous vulnerability assessment scans will be performed on all network assets deployed in Highline College IP address space.

6.4.4.3

A centrally managed vulnerability assessment system will be deployed.

6.4.4.4

Assessment of vulnerabilities is the joint responsibility of ITS and the area responsible for the asset, product or service being assessed.

6.4.4.5

Highline College personnel are expected to cooperate fully with any vulnerability assessment being conducted on systems for which they are held accountable.

6.4.4.6

Highline College personnel are further expected to cooperate with ITS in developing a remediation plan for the vulnerabilities identified.

6.4.4.7

Any vulnerability scans or follow-up activities that are required to assess vulnerabilities but are performed outside of the centrally managed vulnerability assessment tool must be approved by the CIO, the CISO, or an authorized member of the ITS Management Team.

6.4.4.8

The CIO is permitted to engage third-party security companies to run external vulnerability scans against externally deployed Highline College assets, products or services.


6.4.5. Compliance

6.4.5.1 Compliance Measurement

ITS will verify compliance with this standard through various methods, including but not limited to periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

6.4.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

6.4.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.


6.4.6. Related Standards, Policies, and Processes

None.


6.4.7. Revision History

Date By Summary