Service Description
Two main types of security risk assessment services are provided to user departments:
- System vulnerability assessment service
System vulnerability assessment service identifies potential vulnerabilities on their information systems and examine the security posture of the systems. - Web application vulnerability assessment service
Web application vulnerability assessment service identifies the possible vulnerabilities in the web applications before they are placed in production.
In general, individual vulnerability assessment could be completed within 5 business days, depending on the complexity of system / web application and the availability of the assessment resources.
Preparation prior to the assessment
Involvement of department / office is required for the success of the service. The following are some of their responsibilities:
- Department / office should clearly identify the scope for the vulnerability assessment and provide written authorization to our Cyber Security Team for that assessment
- A representative from department / office should be appointed as single point of contact during the service period
- Department / office should provide the necessary documentation to review
- Department / office should arrange internally for a time slot for the vulnerability assessment
- The remediation of the vulnerabilities identified from the assessment is not included in the service. Department / office should be responsible for the fixing
- Department / office should ensure a full and restorable backup (including both system and data) is available before the assessment
Eligible service requestor
Service hours and availability
- Service available hours: Office hours
Access to the service
Please provide the necessary information on system / application for the preparation of the assessment:
Policies
Service level
All user requests are classified as level 1 to 3 depending on their impact and urgency.
- Level 1 – User Request Resolution Time: 1 day
- Level 2 – User Request Resolution Time: 3 days
- Level 3 – User Request Resolution Time: 5 days