Policies Associated With Vulnerability Assessment And Penetration Testing
Organizations should enforce policies that must be strictly adhered to by all associated people in order to make penetration tests successful, maximize the vulnerability detection rate, and fix the detected risks.
a. Port Scanning Policy:
1. Purpose and Scope: The purpose of this port scan is to obtain information about the devices connected to the network and to have it verified by the security officer that no irrelevant ports are open, thereby making the company's devices more secure. This policy applies to the security officer having control over devices connected to the network.
2. Policy: This policy covers the guidelines for scanning the company's information systems infrastructure. Port mapping on any computer system (including internal and external systems) shall only be performed under the following conditions:
The owner or system administrator of a system may perform a port map or vulnerability scan on that system.
An employee may conduct a port map scan on a system on behalf of another only after agreement with the owner and/or system administrator of that system. The scanning process requires prior approval by the owner or administrator of the system.
Approved LAN and Desktop Support and Network Services staff may conduct a port map to resolve a service problem, as part of normal system operations and maintenance, or to enhance the security of systems.