Audit of Vulnerability Assessment Program

Download Free Audit of Vulnerability Assessment Program

- Appropriate sponsorship and buy-in have been established for the vulnerability management program and associated processes.
- Members from the business, IT, and security groups represent and participate in the program.
- Key stakeholders have been identified and appointed.
- The scope of assets has been appropriately defined.
- Information security policies, standards, and guidelines exist, are documented, and are accessible.
- Risk-based determination and classification of risks exist.
- Roles and responsibilities have been defined, documented, and communicated.
- Effective communication and escalation processes have been documented and communicated.
- The capability to track remediation of vulnerabilities exists.
- A method of quickly identifying new vulnerabilities is available.
- Monitoring controls have been integrated to minimize the impact of vulnerabilities.
- Measurement of the effectiveness of the program has been established.
- Reports are routinely created and distributed to key stakeholders and interested parties.