Natesan Vulnerability Management Policy PDF
Document Details
Uploaded by SupportiveCadmium
Anna University
Summary
This document details Natesan's Vulnerability Management Policy. It outlines the identification, analysis, prioritization, and rectification of vulnerabilities affecting IT systems. The policy emphasizes the importance of proactive security measures and timely reporting of potential threats.
Full Transcript
NATESAN SYNCHROCONES PVT LTD
VULNERABILITY MANAGEMENT POLICY
TRAINING DATE -
TRAINING BY - Mr GK Arvind
Natesan Automotive Natesan Aerospace Natesan Renewable Natesans Energy Confidential

Cyber security risk is a primary determinant in conducting third party transactions, business transactions, and business engagements, in the ever-changing risk profile of today’s organizations. There is an imperative need to minimize data loss and to ensure steady business operation and trust.

The aim of this policy is to identify various vulnerabilities associated with implementation and use of IT facilities and services, and to prioritize and take timely corrective and preventive action to ensure that recurrence of the vulnerabilities is brought down to nil or a minimum.

To strengthen Natesan’s security management practices by continuous scanning and remediation of vulnerabilities across Natesan’s IT infrastructure and Information Processing Facilities (IPF), encompassing applications, infrastructure and endpoints.

Category of Vulnerabilities

Physical access - Physical vulnerabilities relate to flaws or weaknesses in a data system or its hosting environment that can enable a physical attack on the system (e.g. vandalism, theft, unauthorized access, tailgating).

Database vulnerability - The database is one of the most important aspects of any information system. It is where crucial data is stored. A breach in a database system might lead to heavy losses.

Application and web facing services - Design flaws in web applications are constantly being researched both by security researchers and hackers. Most of these flaws or defects affect all dynamic web applications, which may lead to different vulnerabilities.
Incorrect configurations - Incorrect configurations can lead to vulnerabilities that attackers exploit in security

Implementation by IT Department

Vulnerability identification - All the aspects of a system, networks, servers, and databases are checked for possible weaknesses and vulnerabilities. The goal of this step is to get a list of all the possible loopholes in the security system. This is done by scanning tools specially developed for identifying various types of vulnerabilities.

Analysis - From the first step, a list of vulnerabilities can be prepared for detailed analysis. The next step is to analyze and identify the root cause, or what triggers each vulnerability. This step also gauges the severity of potential attacks and the damage they can cause.

Prioritization - Whenever more vulnerabilities are identified, triage or prioritization should be done on the basis of severity and by identifying the data or system that may be impacted.

Rectification - Once the root cause is identified and prioritization is done, then the next step is taking

Vulnerability Disclosure

At Natesan, the security of our systems and our customer data, together with the safety and continuity of product and service delivery, are a top priority. By actively reporting vulnerabilities or threats you are helping to maintain the safety and reliability of our systems. In order to report a security incident, please contact us by emailing [email protected], making sure that you adhere to the guidelines of engagement.

1) Notify us as soon as possible after you discover a real or potential security issue.
2) Make every effort to avoid privacy regulations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
3) Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.
4) Only use exploits to the extent necessary to confirm a vulnerability's presence.
5) Do not make changes to the Natesan system, do not modify or delete any Natesan data, and do not create a backdoor.

Conclusion

The Vulnerability Management Policy is used to identify various vulnerabilities associated with implementation and use of IT facilities and services, and to prioritize and take timely corrective and preventive action to ensure that recurrence of the vulnerabilities is brought down.