Ballpark will consider all potential vulnerabilities applicable to a particular system, whether intrinsic or extrinsic. Vulnerabilities are to be considered by both the customer operations and engineering teams with regard to OWASP standards in software development, and with consideration of potential malicious activity by each department’s staff and managers.
Vulnerability information will be obtained from specialist security consultancies, local and national law enforcement agencies and security services, technology providers and contacts across the sector and region.
It is the responsibility of the Data Protection Officer to maintain channels of communication with appropriate specialist organisations.
Security incidents may be identified by scanning tools deployed across our operational and application infrastructure. Incidents identified by these tools are mapped to the same levels described in the Incident Response Policy. Remediation of issues identified by our scanning and security systems must be dealt with within the same SLA structures.
Any device managed and owned by the company that connects to either the public or private segments of the network is subject to scanning. In addition, all applications that are accessible via public or private means are also scanned. Application and device scans are organised by individually defined IP addresses or domain names and include shared storage, networking systems, organisational tools and IAM systems. An application is treated as a collection of hosts to be scanned, and these hosts are targeted in groups relating to that application. Any new application shall be subject to scanning via the applicable tool described in the next section.
Frequency and Schedule of Scanning
All assets, devices, applications and tools in Ballpark are scanned according to a regular schedule and also on an ad-hoc basis at the discretion of the Security Team. Scans may also be triggered by the announcement of a security vulnerability.
Full application scanning is conducted weekly and monthly using tools provided by Intruder.io and Google Cloud Security Command Center. All company devices, such as laptops and workstations, are scanned on an ongoing basis according to the schedule configured in our vulnerability and/or virus/malware scanning systems.
Reporting and Remediation
Remediation of any incident discovered by scanning is subject to the same response policy as any other security incident. The response phases for the incident will be invoked and analysed according to the priority matrix described in the Incident Response Policy.
Further detailed information on how Ballpark manages vulnerabilities is available in its Patch, Malware and Vulnerability Management Policy.
Author: Kelsey Traher, COO
Date of change: Jul 2022
Summary of changes: Initial version published.