Prevention

To prevent computer security incidents, the Information Systems Security Bureau informs its users of all known vulnerabilities, new security threats and measures for protecting information systems, publishes security warnings and best-practice guidelines in technical fields of information security, performs vulnerability scanning of information systems, and organizes consultations and training in the field of information systems security.

Vulnerability scanning is a component of vulnerability management, and the best preventive action for raising awareness of information system security. The Information Systems Security Bureau performs vulnerability scanning as part of the security accreditation process for classified information systems, or upon a request submitted by state authorities, local and regional self-government bodies and legal persons with public authority that use classified and unclassified information within the scope of their work.

PROCEDURE

The Information Systems Security Bureau conducts vulnerability scanning on the basis of a submitted Request for vulnerability scanning of information system and an official letter signed by the head of the body or legal person.

The contact persons within bodies or legal persons are information security advisors, or heads of CERT teams or their deputies.

All details regarding the time and date of vulnerability scanning are arranged after an official Request for vulnerability scanning of information system is received.

TECHNICAL CHARACTERISTICS

Vulnerability scanning is conducted on the web applications and/or network services of information systems, using specialized tools in accordance with good practice. Network resistance to DoS attacks is not tested, in order to reduce the impact of vulnerability scanning on the normal functioning of computer networks and services.

DELIVERY OF RESULTS

After vulnerability scanning is conducted, the results are officially delivered to the head of the body or legal person.

The results of vulnerability scanning include a list of detected security issues and recommendations for their resolution, which are helpful to system administrators who maintain the security of computer networks.