Vulnerability scanning is a component of vulnerability management, and the best preventive action for raising awareness of information system security. The Information Systems Security Bureau performs vulnerability scanning as part of the security accreditation process for classified information systems, or at the request of state authorities, local and regional self-government bodies, and legal persons with public authority that use classified and unclassified information within the scope of their work.
The Information Systems Security Bureau conducts vulnerability scanning on the basis of a submitted Request for vulnerability scanning of information system and an official letter signed by the head of the body or legal person.
Contact persons within bodies or legal persons are information security advisors, or heads of CERT teams or their deputies.
All details regarding the time and date of vulnerability scanning are arranged after the official Request for vulnerability scanning of information system is received.
Vulnerability scanning is conducted for web applications and/or network services of information systems, using specialized tools in accordance with good practice. Testing of network resistance to DoS attacks is not included, so as to limit the effect of vulnerability scanning on the normal functioning of computer networks and services.
After vulnerability scanning is conducted, the results are officially delivered to the head of the body or legal person.
The results of vulnerability scanning include a list of detected security issues and recommendations for their resolution, which are helpful to system administrators who maintain the security of computer networks.