Risk Management
- Article
- Thu Jul 20 2023
Hornbill evaluates strategic and operational risks on an ongoing, ‘as necessary’ basis. This approach recognizes the rapid evolution and fast-changing nature of the business.
Risk assessments are carried out whenever there is a change to any of the Assets (e.g. addition or removal of assets), to the scope of the Information Security System, changes to code, or to the risk environment.
The impact of each threat-vulnerability combination is defined, as part of the risk assessment methodology, as the value of the Asset that the combination would exploit; this figure is held for each attribute within the Risk assessment spreadsheet. The realistic likelihood that each of these failures might occur is assessed using the likelihood scale defined in the risk assessment methodology. The risk levels are then calculated automatically for each risk and shown in the Risk Rating column for that asset.
All risks are stored within the risk register (part of the Hornbill GRC tool) and are therefore escalated/rolled up to the board.
Any residual risks must get management approval.
Vulnerability Management
All software/hardware is assessed and current vulnerabilities are identified from various sources (vendor information, CVE lists/NIST lists, and in-house testing) on a weekly basis, with critical CVEs checked daily.
Critical vulnerabilities are resolved/patched or mitigated by process within 12 hours, High within 48 hours, Medium within 1 week, and Low within 1 month.
Criteria for review and prioritization include (but are not limited to):
- Whether the affected software/hardware is installed or used, and to what extent.
- Whether the vulnerability can be exploited (e.g. does it require access via locked-down ports?).
- Whether the vulnerability is mitigated by another process, policy or standard operating procedure.
- How practical the exploit is: is it only a proof of concept?
- Whether other measures have been taken to prevent exploitation.
All outcomes of the review are recorded in the weekly security incident call logged within the Hornbill client, together with the actions taken to address them.
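The remediation timelines above are the part of this policy a security team has to operationalize: for every open finding, when is it due, and which ones are already outside SLA? The following is an added example, not Hornbill's own tooling or part of the Hornbill GRC product. It encodes the stated deadlines (12 hours, 48 hours, 1 week, 1 month), annotates a constructed list of findings with their deadline and overdue status, and orders open findings by urgency. The field names (`severity`, `raised_at`, `resolved_at`) and the reading of "1 month" as 30 days are assumptions of the example, not something the page defines.

```python
"""Remediation-SLA check for the vulnerability-management timelines above.

Added example, not Hornbill's own tooling. Assumptions:
- a finding is a dict with a severity string, the UTC time it was raised and,
  once closed, the time it was resolved or mitigated (field names are ours);
- "1 month" is taken as 30 days (the page does not define it more precisely).
"""
from datetime import datetime, timedelta, timezone

# Remediate-or-mitigate deadlines exactly as stated in the policy text.
SLA = {
    "critical": timedelta(hours=12),
    "high": timedelta(hours=48),
    "medium": timedelta(weeks=1),
    "low": timedelta(days=30),  # assumption: "1 month" read as 30 days
}


def due_date(raised_at: datetime, severity: str) -> datetime:
    """Return the deadline by which the finding must be patched or mitigated."""
    try:
        return raised_at + SLA[severity.lower()]
    except KeyError:
        raise ValueError(f"unknown severity {severity!r}; expected one of {sorted(SLA)}")


def sla_status(finding: dict, now: datetime) -> dict:
    """Annotate a finding with its deadline, hours remaining and overdue flag.

    A finding that is already resolved or mitigated is measured against its
    resolution time rather than `now`, so closed items keep an honest record
    of whether they met the SLA.
    """
    deadline = due_date(finding["raised_at"], finding["severity"])
    checkpoint = finding.get("resolved_at") or now
    remaining = deadline - checkpoint
    return {
        **finding,
        "deadline": deadline,
        "hours_remaining": round(remaining.total_seconds() / 3600, 1),
        "overdue": checkpoint > deadline,
    }


def triage(findings: list, now: datetime) -> list:
    """Return open findings ordered by urgency: overdue first, then least time left."""
    annotated = [sla_status(f, now) for f in findings]
    open_ones = [f for f in annotated if f.get("resolved_at") is None]
    return sorted(open_ones, key=lambda f: (not f["overdue"], f["hours_remaining"]))


# Constructed sample findings: no real CVEs, assets or dates from the page.
NOW = datetime(2023, 7, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE_FINDINGS = [
    {"id": "F-1", "severity": "Critical", "raised_at": NOW - timedelta(hours=20)},
    {"id": "F-2", "severity": "High", "raised_at": NOW - timedelta(hours=40)},
    {"id": "F-3", "severity": "Medium", "raised_at": NOW - timedelta(days=2)},
    {"id": "F-4", "severity": "Low", "raised_at": NOW - timedelta(days=45),
     "resolved_at": NOW - timedelta(days=20)},  # closed inside its 30-day window
]

if __name__ == "__main__":
    for f in triage(SAMPLE_FINDINGS, NOW):
        flag = "OVERDUE" if f["overdue"] else "within SLA"
        print(f'{f["id"]:4} {f["severity"]:8} due {f["deadline"]:%Y-%m-%d %H:%M}Z  {flag}')
```

With the sample data, the critical finding raised 20 hours ago is already 8 hours past its 12-hour deadline and sorts first; the high finding has 8 hours left and the medium one five days. Feeding the output of a weekly scan into `triage` gives the list the weekly security incident call needs, and the recorded review criteria (installed, exploitable, otherwise mitigated) can be attached to each finding dict alongside the SLA fields.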