Category: Delivery and operation

Subcategory: Security services

Vulnerability assessment - VUAS

Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact.

Levels:

Level 2:
Description: Undertakes low-complexity routine vulnerability assessments using automated and semi-automated tools. Escalates issues where appropriate. Contributes to documenting the scope and evaluating the results of vulnerability assessments.

Level 3:
Description: Follows standard approaches to perform basic vulnerability assessments for small information systems. Supports creation of catalogues of information and technology assets for vulnerability assessment.

Level 4:
Description: Collates and analyses catalogues of information and technology assets for vulnerability assessment. Performs vulnerability assessments and business impact analysis for medium complexity information systems. Contributes to selection and deployment of vulnerability assessment tools and techniques.

Level 5:
Description: Plans and manages vulnerability assessment activities within the organisation. Evaluates, selects and reviews vulnerability assessment tools and techniques. Provides expert advice and guidance to support the adoption of agreed approaches. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems.