Elements and Performance Criteria
- Prepare to run vulnerability assessment
- Obtain work details and scope from required personnel and arrange for site access in compliance with required security arrangements, legislation, codes, regulations and standards
- Discuss and evaluate scanning tools and select according to vulnerability assessment requirements
- Establish testing regime and schedule, and documentation requirements according to organisational needs
- Run vulnerability assessment and penetration test
- Perform vulnerability assessment according to organisational procedures
- Identify and document vulnerabilities arising from vulnerability assessment according to organisational procedures
- Run a simple penetration test according to organisational procedures
- Identify and document potential threats arising from penetration test according to organisational procedures
- Contribute and develop ideas in addressing vulnerabilities
- Finalise vulnerability assessment process
- Discuss vulnerabilities identified in vulnerability assessment and penetration testing with required personnel
- Contribute ideas with required personnel and remediate vulnerabilities identified according to organisational procedures
- Escalate unresolved vulnerabilities to required personnel
- Document identified vulnerabilities and work performed according to organisational procedures
- Report to management and confirm vulnerability assessment with required personnel