
VULNERABILITY ASSESSMENT REPORT - Smartsheet Inc



VERSION HISTORY

VERSION | APPROVED BY | REVISION DATE | DESCRIPTION OF CHANGE | AUTHOR

PREPARED BY | TITLE | DATE

APPROVED BY | TITLE | DATE

VULNERABILITY ASSESSMENT REPORT


TABLE OF CONTENTS

1. INTRODUCTION

2. PROJECT SCOPE

A. IN SCOPE

B. OUT OF SCOPE

3. ACTIVITIES SCHEDULE

A. FIRST DAY

B. SECOND DAY

C. THIRD DAY

4. BACKGROUND INFORMATION

5. CLIENT ORGANIZATION

6. ASSET IDENTIFICATION

A. ASSET IDENTIFICATION PROCESS

B. TANGIBLE ASSETS

C. INTANGIBLE ASSETS

7. THREAT ASSESSMENT

A. THREAT ASSESSMENT PROCESS

B. THREATS TO THE CLIENT ORGANIZATION

B1. NATURAL THREATS

B2. INTENTIONAL THREATS

B3. UNINTENTIONAL THREATS

8. LAWS, REGULATIONS, AND POLICY

9. FEDERAL LAW AND REGULATION

10. CLIENT ORGANIZATION POLICY

A. VULNERABILITIES: CLIENT ORGANIZATION POLICY

11. PERSONNEL

A. MANAGEMENT

B. OPERATIONS

C. DEVELOPMENT

D. VULNERABILITIES: PERSONNEL

12. NETWORK SECURITY

A. PUBLIC NETWORK RESOURCES AND SITES

B. PARTNER CONNECTIONS AND EXTRANETS

C. VULNERABILITIES: NETWORK SECURITY


13. SYSTEM SECURITY

A. VULNERABILITIES: SYSTEM SECURITY

14. APPLICATION SECURITY

A. VULNERABILITIES: APPLICATION SECURITY

15. OPERATIONAL SECURITY

A. VULNERABILITIES: OPERATIONAL SECURITY

16. PHYSICAL SECURITY

A. VULNERABILITIES: PHYSICAL SECURITY

B. VULNERABILITIES: BUILDING

C. VULNERABILITIES: PERIMETER SECURITY

D. VULNERABILITIES: SERVER AREA

17. SUMMARY

18. ACTION PLAN

19. REFERENCES


1. INTRODUCTION

2. PROJECT SCOPE

A. IN SCOPE

B. OUT OF SCOPE


3. ACTIVITIES SCHEDULE

A. FIRST DAY

B. SECOND DAY

C. THIRD DAY


4. BACKGROUND INFORMATION

5. CLIENT ORGANIZATION


6. ASSET IDENTIFICATION

A. ASSET IDENTIFICATION PROCESS

B. TANGIBLE ASSETS

C. INTANGIBLE ASSETS


7. THREAT ASSESSMENT

A. THREAT ASSESSMENT PROCESS

B. THREATS TO THE CLIENT ORGANIZATION

B1. NATURAL THREATS

B2. INTENTIONAL THREATS

B3. UNINTENTIONAL THREATS


8. LAWS, REGULATIONS, AND POLICY

9. FEDERAL LAW AND REGULATION

10. CLIENT ORGANIZATION POLICY


A. VULNERABILITIES: CLIENT ORGANIZATION POLICY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


11. PERSONNEL

A. MANAGEMENT

B. OPERATIONS

C. DEVELOPMENT


D. VULNERABILITIES: PERSONNEL

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


12. NETWORK SECURITY

A. PUBLIC NETWORK RESOURCES AND SITES

B. PARTNER CONNECTIONS AND EXTRANETS


C. VULNERABILITIES: NETWORK SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


13. SYSTEM SECURITY

A. VULNERABILITIES: SYSTEM SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


14. APPLICATION SECURITY

A. VULNERABILITIES: APPLICATION SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


15. OPERATIONAL SECURITY

A. VULNERABILITIES: OPERATIONAL SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


16. PHYSICAL SECURITY

A. VULNERABILITIES: PHYSICAL SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


B. VULNERABILITIES: BUILDING

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


C. VULNERABILITIES: PERIMETER SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


D. VULNERABILITIES: SERVER AREA

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION


17. SUMMARY

18. ACTION PLAN


19. REFERENCES


DISCLAIMER Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.