Welcome to Scribd!

Enterprise Threat Vulnerability Management Policy - tcm38 323797 PDF

Uploaded by

0% found this document useful (0 votes)

6 views3 pages

The State of Minnesota Threat and Vulnerability Management Policy requires the state to maintain a program to identify and remediate security vulnerabilities within state IT systems. The policy aims to protect public data and services by monitoring for threats and vulnerabilities and addressing the most critical issues. All employees, vendors, and contractors must be aware of and follow security policies and procedures, while IT and security personnel have specific responsibilities to implement controls, provide training, and notify others of risks. The policy applies to all state executive branch agencies and is intended to maintain the availability, confidentiality, and integrity of state data.

Original Description:

Original Title

enterprise-threat-vulnerability-management-policy_tcm38-323797.pdf

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

6 views3 pages

Enterprise Threat Vulnerability Management Policy - tcm38 323797 PDF

Uploaded by

IT Samuel

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

Threat and Vulnerability Management Policy

From the Office of the Chief Information Officer, State of Minnesota

Version: 1.5
Effective Date: 1/1/2016
Revised: 10/1/2022

Policy Statement
The State of Minnesota must maintain a threat and vulnerability management program to identify and
remediate information security vulnerabilities.

Reason for the policy

To adequately protect the data and services entrusted to the State of Minnesota by the public it is necessary to
identify and remediate vulnerabilities within State IT systems. Monitoring for threats, vulnerabilities, and
advisories along with vulnerability scanning and penetration testing identify security weaknesses within systems
and allows for prioritization of resources to address the most critical areas. Timely remediation of vulnerabilities
is critical to maintaining the availability, confidentiality, and integrity of State data.

Roles & Responsibilities

• Employees, Vendors, and Contractors
o Be aware of and follow relevant information security policies, standards, and procedures.
o Ensure information security is incorporated into processes and procedures.
o Ensure contract language with contractors and vendors includes required information security
controls.
o Consult with information security staff on the purchase and procurement of information
technology systems or services.
o Contact information security staff or email GRC@state.mn.us with questions about the
information security policies, standards, or procedures.
• Supervisors and Managers

Threat and Vulnerability Management Policy 1

oEnsure employees and contractors are proficient in the information security policies,
standards and procedures that are relevant to their role.
o Hold employees accountable for following the information security policies, standards, and
procedures.
• Information Technology Personnel
o Apply appropriate controls to the design, operation and maintenance of systems, processes,
and procedures in conformance with the information security policies, standards, and
procedures.
• Information Security Personnel
o Develop, maintain, and assess compliance with the information security policies, standards,
and procedures.
o Develop, maintain, and implement a comprehensive information security program.
o Provide training on information security policies, standards, and procedures.
o Assist agencies and personnel with understanding and implementing information security
policies, standards, and procedures.
o Notify appropriate personnel of applicable threats, vulnerabilities and risks to State data or
systems.
• Agency Data Practices Personnel

o Assist agencies and personnel with questions on proper data use, collection, storage,
destruction, and disclosure.

Applicability
This policy applies to all departments, agencies, offices, councils, boards, commissions, and other entities in the
executive branch of Minnesota State Government.

Related Information
Threat and Vulnerability Management Standard

State Standards and Authoritative Source Cross Mapping

Glossary of Information Security Terms

History
Version Description Date

1.0 Initial Release 4/21/2015

Threat and Vulnerability Management Policy 2

Version Description Date

1.1 Added Compliance Enforcement Date 12/29/2015

1.2 Updated Compliance Enforcement Date and Template 12/20/2016

1.3 Updated Compliance Enforcement Date 10/4/2017

1.4 Modified document title and minor edits 3/10/2020

1.5 Removed Compliance Enforcement Date and grammatical updates 10/1/2022

Contact
GRC@state.mn.us

Threat and Vulnerability Management Policy 3

Information Security Roles & Responsibilities: Purpose
Document5 pages
Information Security Roles & Responsibilities: Purpose
Luis Fernando Quintero Henao
No ratings yet
Information Security Plan
Document11 pages
Information Security Plan
John J. Macasio
100% (1)
OLFM Training5
Document22 pages
OLFM Training5
Srinibas
100% (1)
It Security Assessment Tools
Document8 pages
It Security Assessment Tools
ominostanco
No ratings yet
Cisa Syllabus CBL
Document4 pages
Cisa Syllabus CBL
hossainmz
No ratings yet
Information Security Governance & Risk Management
Document37 pages
Information Security Governance & Risk Management
samirdas_hyd
70% (10)
Data Quality Procedure
Document8 pages
Data Quality Procedure
Alex
No ratings yet
USG Risk Assessment Checklist
Document7 pages
USG Risk Assessment Checklist
Shady Al-Seuri
No ratings yet
MRC Information Security Policy v1 2
Document40 pages
MRC Information Security Policy v1 2
XY5XRc2i
No ratings yet
Cissp: (Certified Information Systems Security Professional)
Document143 pages
Cissp: (Certified Information Systems Security Professional)
shinwahasan
No ratings yet
Sap Fund MGMT
Document21 pages
Sap Fund MGMT
Rupang Shah
No ratings yet
Resume Murugan Muthu
Document6 pages
Resume Murugan Muthu
yuva kumar
No ratings yet
Data Governance Checklist - 0
Document5 pages
Data Governance Checklist - 0
Muhammad Ammad
100% (1)
Information Security Risk Assessment Checklist
Document7 pages
Information Security Risk Assessment Checklist
Adil Raza Siddiqui
No ratings yet
Test Bank With Answers of Accounting Information System by Turner Chapter 03
Document25 pages
Test Bank With Answers of Accounting Information System by Turner Chapter 03
Ebook free
100% (7)
Applied
Document5 pages
Applied
vhlast23
No ratings yet
ISO 27001 Checklist A (Vinz)
Document18 pages
ISO 27001 Checklist A (Vinz)
Dhanya Ram
100% (1)
Information Security Policy Template
Document5 pages
Information Security Policy Template
Prateek
No ratings yet
Information Security Risk Management Policy: General Description
Document8 pages
Information Security Risk Management Policy: General Description
Amr M. Amin
No ratings yet
Cyber Security Risk Mitigation Checklist
Document33 pages
Cyber Security Risk Mitigation Checklist
uiuiuiu
No ratings yet
Sales Digest (Malizon)
Document8 pages
Sales Digest (Malizon)
Crystal Joy Malizon
No ratings yet
Cryptography Policy
Document6 pages
Cryptography Policy
Hasain Ahmed
No ratings yet
The Lean Launchpad Educators Guide-130614151038-Phpapp02
Document141 pages
The Lean Launchpad Educators Guide-130614151038-Phpapp02
Pantea-Bogdan Lavinia
No ratings yet
VPN Access Policy V 1.1
Document10 pages
VPN Access Policy V 1.1
Birhan
No ratings yet
The Structure of ISO 27001
Document11 pages
The Structure of ISO 27001
Mohammed Abdus Subhan
100% (1)
3M Case Study (Case Study Solution Available)
Document5 pages
3M Case Study (Case Study Solution Available)
Kazriel
79% (14)
Enterprise Information Security Risk Management Program Policy - tcm38 323799
Document3 pages
Enterprise Information Security Risk Management Program Policy - tcm38 323799
IT Samuel
No ratings yet
9 - Information Security Policy
Document5 pages
9 - Information Security Policy
pentesting.443
No ratings yet
Auditing The Information Security Function Kevin Wheeler, CISSP
Document29 pages
Auditing The Information Security Function Kevin Wheeler, CISSP
Envisage123
No ratings yet
Hardware and Network Servicing: LO4: Determine Network Security
Document17 pages
Hardware and Network Servicing: LO4: Determine Network Security
Sami Nur
No ratings yet
Giducos Policyplan
Document6 pages
Giducos Policyplan
Ralph Ivan Bantiding Giducos
No ratings yet
Isms
Document21 pages
Isms
Amitava Mukherjee
No ratings yet
Data Protection Breach Management Policy
Document6 pages
Data Protection Breach Management Policy
Jamie Del Castillo
No ratings yet
MAS Technology Risk Management Guidelines
Document12 pages
MAS Technology Risk Management Guidelines
Seph Lwl
No ratings yet
Lab01 - IAP301 - L Duy Vinh - HE163984
Document4 pages
Lab01 - IAP301 - L Duy Vinh - HE163984
vinhldhe163984
No ratings yet
Personal Data Breach & Incident Handling Procedure
Document11 pages
Personal Data Breach & Incident Handling Procedure
Sanda Nechifor
No ratings yet
Cs-Csps Niap Ism Job Description Eng v1.1
Document7 pages
Cs-Csps Niap Ism Job Description Eng v1.1
daniel hamdani
No ratings yet
5 2+Information+Security+Roles+and+Responsibilities
Document4 pages
5 2+Information+Security+Roles+and+Responsibilities
pomowoh476
No ratings yet
MPA Content Security Best Practices v5.2 Aug30 2023 Release
Document88 pages
MPA Content Security Best Practices v5.2 Aug30 2023 Release
sachadelaplaya
No ratings yet
8 - Information Classification and Protection Policy
Document6 pages
8 - Information Classification and Protection Policy
pentesting.443
No ratings yet
IT Infrastructure Management
Document11 pages
IT Infrastructure Management
shivansh tiwari
No ratings yet
IAS Reviewer
Document11 pages
IAS Reviewer
Raissa Gonzaga
No ratings yet
Enhancing Information System Security - Strategies For Compliance and Proactive Defence
Document10 pages
Enhancing Information System Security - Strategies For Compliance and Proactive Defence
Amit kapooria
No ratings yet
Ccna Security Ch2 Understanding Security Policies Lifecycle Approach
Document7 pages
Ccna Security Ch2 Understanding Security Policies Lifecycle Approach
florinn81
No ratings yet
SBCP Information Security and Governance Overview
Document8 pages
SBCP Information Security and Governance Overview
Kavya Gopakumar
No ratings yet
State of Minnesota: Enterprise Security Strategic Plan
Document14 pages
State of Minnesota: Enterprise Security Strategic Plan
adina
No ratings yet
ICT Security Policy
Document21 pages
ICT Security Policy
joseph living
No ratings yet
LAB10
Document5 pages
LAB10
Nguyen Dinh Quan (K15 HCM)
No ratings yet
POI Data Privacy Protection ONLINE
Document5 pages
POI Data Privacy Protection ONLINE
John J. Macasio
No ratings yet
The State University of Zanzibar: Department of Computer Science and Information Technology Course Outline
Document3 pages
The State University of Zanzibar: Department of Computer Science and Information Technology Course Outline
Badal Mohamed
No ratings yet
Job Description - Data Privacy Analyst
Document2 pages
Job Description - Data Privacy Analyst
Syed Manzur
No ratings yet
Policy Development: Audience IT Department Management Legal Stockholders
Document5 pages
Policy Development: Audience IT Department Management Legal Stockholders
Aleir Pinsala
No ratings yet
Chapter 9 and 10
Document17 pages
Chapter 9 and 10
Meraol
No ratings yet
SagarRane (10 0) PDF
Document7 pages
SagarRane (10 0) PDF
swaroopa Rani
No ratings yet
Data Governance Checklist: PTAC-CL, Dec 2011
Document7 pages
Data Governance Checklist: PTAC-CL, Dec 2011
Tejeswara Rao
No ratings yet
Unit-3 Info Secu
Document7 pages
Unit-3 Info Secu
workwithasr04
No ratings yet
Data Management and Is
Document2 pages
Data Management and Is
tamanimo
No ratings yet
Ryan Taylor-Thomas
Document4 pages
Ryan Taylor-Thomas
sanju
No ratings yet
Human Resources Information Security Policy
Document11 pages
Human Resources Information Security Policy
asokan
No ratings yet
Cybersecurity CISO Vital Part Operations
Document11 pages
Cybersecurity CISO Vital Part Operations
seek4sec
No ratings yet
ISM UNIT 1 Notes
Document44 pages
ISM UNIT 1 Notes
sreenidhi
No ratings yet
ITEC 85 Module 5 - Information-Assurance-Policy
Document5 pages
ITEC 85 Module 5 - Information-Assurance-Policy
Janine C
No ratings yet
2651 270508 04 NathanJohns
Document19 pages
2651 270508 04 NathanJohns
sa9317982
No ratings yet
Cle Unit - 3 PDF
Document31 pages
Cle Unit - 3 PDF
Yugal Singam
No ratings yet
CCISO Course Outline
Document15 pages
CCISO Course Outline
shrikant
No ratings yet
Ceisb Module1
Document74 pages
Ceisb Module1
Atheeya Fathima
No ratings yet
Full Value of Data: Driving Business Success with the Full Value of Data. Part 3
From Everand
Full Value of Data: Driving Business Success with the Full Value of Data. Part 3
Tom Lesley
No ratings yet
International Business The Challenges of Globalization 8Th Full Chapter
Document41 pages
International Business The Challenges of Globalization 8Th Full Chapter
tyler.brady625
100% (30)
3m Bandra Order
Document5 pages
3m Bandra Order
akbutta
No ratings yet
Equity Share Agreement
Document7 pages
Equity Share Agreement
Dhruv Khurana
No ratings yet
Royal Ahold
Document13 pages
Royal Ahold
gayatrichaudhary
No ratings yet
Post Testing Techniques To Measure Advertising Effectiveness.
Document23 pages
Post Testing Techniques To Measure Advertising Effectiveness.
Tanisha Jaiswal
No ratings yet
Ljudskih Resursa U Funkciji Uspješnosti Na Radu
Document4 pages
Ljudskih Resursa U Funkciji Uspješnosti Na Radu
cardusandusan
No ratings yet
Inventory Tata Steel
Document9 pages
Inventory Tata Steel
Jaspreet Singh
No ratings yet
Welcome To VALS
Document3 pages
Welcome To VALS
dedu1957
No ratings yet
3 CS341-Design Project Slot S
Document1 page
3 CS341-Design Project Slot S
sumesh sankar
No ratings yet
Introduction Inventory Control
Document16 pages
Introduction Inventory Control
tommyhendrickx
100% (1)
Marketing of Milk
Document10 pages
Marketing of Milk
papai96
No ratings yet
University of The Cordilleras Accounting 1/2 Lecture Aid
Document3 pages
University of The Cordilleras Accounting 1/2 Lecture Aid
Jesseca Josafat
No ratings yet
Sample Bank Modeling Template
Document47 pages
Sample Bank Modeling Template
Shamir Sharief
No ratings yet
f2cdfMODULE Menu Engineering
Document3 pages
f2cdfMODULE Menu Engineering
Utkarsh Hsraktu
No ratings yet
Chapter 7 Notes
Document7 pages
Chapter 7 Notes
Savy Dhillon
No ratings yet
Comparative Study of HR Practice and Policies in Manufacturing and Service Sector Organization
Document12 pages
Comparative Study of HR Practice and Policies in Manufacturing and Service Sector Organization
Kanika Rustagi
No ratings yet
Chapter 4 Intermediate Accounting
Document5 pages
Chapter 4 Intermediate Accounting
mohamad ali osman
No ratings yet
Slide 3 - LEVERAGING RESOURCES AND CAPABILITIES
Document11 pages
Slide 3 - LEVERAGING RESOURCES AND CAPABILITIES
Xiao Yun Yap
No ratings yet
Secure Workflow Transactions: Release 13 HCM Cloud Common Features
Document27 pages
Secure Workflow Transactions: Release 13 HCM Cloud Common Features
zafar.ccna1178
No ratings yet
EMS-Assignment No.7
Document2 pages
EMS-Assignment No.7
Romeo Chua
No ratings yet
Chapter 4 5 Usefulness of AIS For Effective OP
Document22 pages
Chapter 4 5 Usefulness of AIS For Effective OP
Mitzi Basa Dimain
No ratings yet
Fundamentals of Corporate Finance Australian 3rd Edition Berk Solutions Manual
Document28 pages
Fundamentals of Corporate Finance Australian 3rd Edition Berk Solutions Manual
EricaBrownozdja
100% (11)
Compare Two Web Pages or Articles - Copyscape 1
Document16 pages
Compare Two Web Pages or Articles - Copyscape 1
Anonymous zXwP003
No ratings yet