Vulnerability Management Standard
1. Purpose
The purpose of this IT Vulnerability Management Standard is to provide a framework of preventative, detective, responsive and remedial procedures to effectively address vulnerabilities that could compromise the security of RFG Foods IT assets.
2. IT Assets
The following diagram represents a simplified version of RFG Foods IT infrastructure and assets:

2.1. The Internet Connection is the point of entry for all network traffic and is protected by a firewall.
2.2. The DMZ hosts publicly accessible services like web servers.
2.3. The Corporate Network contains typical IT assets such as servers, workstations, printers, switches, routers, wireless access points and other networking equipment.
2.4. The OT Network Devices consist of programmable logic controllers (PLCs), human-machine interfaces (HMIs), switches and other industrial devices.
3. Preventative Procedures
3.1. Vulnerability Scanning: Regularly scan all IT assets using FortiClient Enterprise Management Solution to identify potential vulnerabilities.
3.2. Patch Management: Manage and deploy software patches and updates to all endpoints using Microsoft System Center Configuration Manager (SCCM).
3.3. Change Management: Deploy a system for tracking and managing changes to the IT environment.
3.4. Backup and Recovery: Maintain reliable backup and disaster recovery procedures to mitigate the impact of vulnerabilities and potential incidents.
3.5. Configuration Management: Maintain secure configurations for all systems and applications.
3.6. Identity and Access Management: Deploy SailPoint for managing, reviewing and revoking access.
3.7. Network Security: Deploy FortiGate firewalls to protect the network infrastructure from external attacks. The firewalls are configured to allow only authorized traffic and block all unauthorized access attempts.
3.8. Email Security: Deploy Mimecast email security to protect against email-based attacks such as phishing and malware. The email security solution will be configured to scan all inbound and outbound emails for potential threats.
3.9. Endpoint Security: Deploy an Endpoint manager to protect endpoints from potential threats. The solution will be configured to detect and respond to potential threats.
3.10. Cloud Security: Deploy Microsoft Defender for Cloud Apps to monitor and protect against unauthorized access attempts to RFG Foods cloud-based applications.
4. Detective Procedures
4.1. Testing: Conduct regular vulnerability assessments and penetration testing to identify weaknesses and validate the effectiveness of RFG Foods security controls.
4.2. Monitoring and Detection: Deploy firewall rules and Security Information and Event Management (SIEM) to detect and alert on unauthorized access or unusual activities on critical systems that could indicate exploitation of vulnerabilities.
4.3. Threat Intelligence: Subscribe to a threat intelligence feed to stay informed about emerging vulnerabilities and threats.
5. Responsive Procedures
5.1. Incident Response: Maintain an incident response procedure that outlines how to respond to potential security incidents. The procedure will include the roles and responsibilities of all personnel involved in the incident response process.
6. Remedial Procedures
6.1. Vulnerability Remediation: Prioritize and remediate identified vulnerabilities based on their risk level. Vulnerabilities rated as critical and high risk must be addressed immediately, followed by medium- and low-risk vulnerabilities.
6.2. Containment: If an incident is confirmed, take immediate steps to contain it and prevent further damage or unauthorized access. Isolate affected systems or networks.
6.3. Eradication: Identify and eliminate the root cause of the incident, such as removing malware or closing vulnerabilities.
6.4. Recovery: Work on restoring affected systems and services to normal operation while ensuring their security. Implement measures to minimize downtime and data loss.
6.5. Post-Incident Review: Conduct a post-incident review to evaluate the effectiveness of the response and identify areas for improvement. Update the vulnerability management standard and security policies accordingly.
6.6. Training and Awareness: Provide regular security awareness training to all employees. The training covers topics such as password management, phishing awareness, and other cybersecurity best practices.