Uploaded by Justin Tran

SDC Vulnerability Management

CPP SDC Vulnerability Management Process
Updated: 4/11/2022
CPP SDC Vulnerability Management
1. TABLE OF CONTENTS
2. SUMMARY
3. SCOPE OF VULNERABILITY MANAGEMENT
4. REASON FOR VULNERABILITY MANAGEMENT
5. INDIRECT VULNERABILITY MANAGEMENT
5.1 VPN Access
5.2 Proper Access Control
5.3 Network Segmentation
5.4 Security Operations Center
2. SUMMARY
The vulnerability management process used by the Student Data Center (SDC) is in alignment with Cal
Poly Pomona and requires that any resource able to interact with critical school infrastructure
have regular vulnerability scans conducted. However, vulnerability scanning is not required for networks
within the SDC that are fully segmented and separated from the rest of the SDC.
3. SCOPE OF VULNERABILITY MANAGEMENT
Within the SDC, many different networks exist with varying levels of security. For the purpose of
vulnerability scanning, only the “Main” and “HP Management” networks are in scope. These networks are able to
interact with school systems and could pose a threat to the overall security of the campus.
4. REASON FOR VULNERABILITY MANAGEMENT
The vulnerability management process is designed to ensure that the SDC does not increase the attack surface
of the campus by giving threat actors a larger scope to attack. It is also in place
to help SDC staff respond to possible new vulnerabilities and patch them.
5. INDIRECT VULNERABILITY MANAGEMENT
The SDC employs multiple ways to indirectly manage risks to infrastructure. These include, but
are not limited to:
5.1 VPN Access
In order to interact with critical resources within the SDC, a VPN connection is required. This ensures that
only authorized users are able to access the systems that form the backbone of the SDC.
5.2 Proper Access Control
The SDC implements proper access control based on privilege separation and the principle of least
privilege. This ensures that only users who are intended to access these critical services can do so, and that those
not permitted have limited access.
5.3 Network Segmentation
As seen in the Change Control Process document, the SDC heavily segments the internal network to
stop any security threat from leaving the network on which it initially started.
5.4 Security Operations Center
The SDC has an internal Security Operations Center (SOC) that detects anomalous traffic and
has the ability to detect and respond to threats. This is in compliance with the school, and any
critical security event will be escalated to school authorities.