Information security assessment automation

These are tools that the information security program implements to perform automated assessment of organizational standards related to:

  • Vulnerability and patch compliance: Validating information system patch levels and vulnerabilities across the enterprise, including:
    • Server and workstation operating systems (Windows, Linux, and so on)
    • Network devices (Routers, Switches, and so on)
    • Server software applications (Database, email, DNS, and so on)
    • Desktop applications (Microsoft Word, Adobe Acrobat, and so on)
  • Network and configuration management: Ensuring compliance with organizational change management policies as well as information security baselines:
    • Manages the thousands of configuration items related to the information system and allows for common secure configurations
    • Performs the discovery and inventory of information system assets
    • Discovers and restricts unauthorized software and hardware
  • Software assurance: The development and implementation of software that is free from exploitable vulnerabilities and works as intended:
    • Static code analysis
    • Web application vulnerability scanners
    • Database vulnerability scanners
  • License and asset management: Tools that help the organization make an inventory of hardware and software locations on the enterprise network or individual information system:
    • These tools offer management of software deployment and provisioning, asset discovery and information collection, and software and hardware usage.
    • These functions may be integrated into other tools implemented by the organization. For example, your network or configuration management tools may include asset management.
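
The following sketch is an added example, not taken from the book or from any particular product. It shows how the patch compliance, unauthorized software, and asset discovery checks listed above can be run over a single inventory feed. The host names, packages, baseline versions, and finding labels are constructed for illustration, and versions are assumed to be purely numeric and dot-separated.

```python
# Constructed baseline: minimum approved version for each authorized package.
BASELINE = {"openssl": "3.0.13", "nginx": "1.24.0", "postgresql": "15.6"}

# Constructed list of assets the organization has approved and inventoried.
AUTHORIZED_HOSTS = {"web01", "db01"}

# Constructed inventory feed: (host, package, installed version),
# in the shape an agent or scanner export might take.
INVENTORY = [
    ("web01", "openssl", "3.0.13"),
    ("web01", "nginx", "1.22.1"),
    ("db01", "postgresql", "15.10"),
    ("db01", "netcat", "1.10"),
    ("lab-pi", "openssl", "1.1.1"),
]


def parse_version(text):
    """Convert '15.10' to (15, 10) so it compares above '15.6'.

    Comparing the raw strings would rank '15.10' below '15.6' and
    report a patched system as non-compliant.
    """
    return tuple(int(part) for part in text.split("."))


def assess(inventory, baseline, authorized_hosts):
    """Return sorted (host, package, finding) tuples for every deviation."""
    findings = []
    for host, package, version in inventory:
        if host not in authorized_hosts:
            # Asset discovery: the device is not in the approved inventory.
            findings.append((host, package, "unauthorized-asset"))
        elif package not in baseline:
            # Configuration management: software outside the approved list.
            findings.append((host, package, "unauthorized-software"))
        elif parse_version(version) < parse_version(baseline[package]):
            # Patch compliance: installed version is older than the baseline.
            findings.append((host, package, "below-baseline"))
    return sorted(findings)


if __name__ == "__main__":
    for host, package, finding in assess(INVENTORY, BASELINE, AUTHORIZED_HOSTS):
        print(f"{host:8} {package:12} {finding}")
```
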