Information security in general practice

Securing your network and equipment

Vulnerability assessment and penetration testing

        1. Vulnerability assessment and penetration testing

Vulnerability assessment and penetration testing

Vulnerability assessment and penetration testing (VAPT) is commonly used to test the security of information networks. Vulnerability assessment works to identify security weaknesses in an IT network. Penetration testing simulates real-world scenarios to discover and exploit security gaps that may lead to unauthorised system access and stolen records.

VAPT should be performed regularly:

  • as part of standard IT and network security management
  • when new infrastructure or applications are added to the network
  • when user policies are changed
  • when there are significant system upgrades.

For more information on VAPT, contact your IT professional.

Standards indicator

C6.4A Our practice has a team member who has primary responsibility for the electronic systems and computer security.

You must have at least one team member who has primary responsibility for the electronic systems and computer security.

 

Create a policy: Network perimeter controls

Your network perimeter control policy should provide details of the hardware and software protecting your network, including remote and wireless access networks.

Your policy should cover:

  • the configuration details of all network perimeter control hardware and software
  • how network perimeter controls are managed
  • version details of all hardware and software
  • details of ongoing maintenance and support requirements
  • configuration of your network perimeter controls and appropriate settings for your practice
  • details of who can access your network through the perimeter controls and how this is done
  • details on downloading or installing additional programs and utilities
  • third-party and vendor access rights and confidentiality agreements
  • the use of a VPN for all remote access
  • information on avoiding the use of public or open and unsecured networks when accessing your practice systems remotely
  • the importance of regularly scanning of your networks to identify security weaknesses
  • how and when to audit logs for unauthorised access and unusual or inappropriate activity.

Advertising