Assessing the vulnerabilities of your network and IT assets is essential for understanding the risks facing your organization. The Center for Internet Security (CIS) ranks vulnerability assessment third in its 20 critical security controls for effective cyberdefense (CIS Controls).
“Organizations that do not scan for vulnerabilities and proactively address discovered flaws face a significant likelihood of having their computer systems compromised.” *
What is a vulnerability assessment?
A vulnerability assessment is broken down into two different phases:
- Scanning & diagnosis
- Results assessment
Scanning & Diagnosis: Our IT expert will use a network scanning device to identify potential points of exploitation and security holes on a network or computer. The scanner’s repository of vulnerabilities is updated just before every scan to include any newly identified items, and it is compatible with the Common Vulnerabilities and Exposures (CVE) Index, which standardizes the names of vulnerabilities across diverse security products and vendors.
Results Assessment: Once these items are identified, a severity rating is assigned as follows: critical, severe, moderate, or clean. From the severity rating, a mitigation strategy is created that addresses the most critical items first and then moves down the list in order of severity. This mitigation strategy will include information about specific software patches, downloadable fixes, and reference content about security weaknesses.
To better facilitate HIPAA compliance in your organization, you should accompany your vulnerability scan with a full Security Risk Analysis and HIPAA Security Education for your staff.
Join our webinar to learn more about these important HIPAA Privacy and Security Topics.
Webinar – HIPAA Security: Find Vulnerabilities Before Attackers Do
Thursday, March 26, 2020 12:00 PM ET
Call 859-323-3090 or email Kentucky REC HIPAA Privacy and Security experts with your questions, or to talk to a security expert and schedule your vulnerability assessment.
Center for Internet Security (CIS) Controls List
MITRE Corporation’s Common Vulnerabilities and Exposures