HECVAT Tab

Infrastructure

This tab examines the technical security architecture and infrastructure controls of the solution.

It covers cloud-based offerings, network security components like web application firewalls and intrusion detection systems, and vulnerability management practices.

Questions address access controls, operating system currency, code security testing, and datacenter security measures.

The tab also explores incident handling procedures and separation of duties for security administration.

Categories

Explore the categories within the Infrastructure tab

General Information

General Information covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Required Questions

Required Questions covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Vulnerability Management

Vulnerability Management covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Incident Handling

Incident Handling covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Datacenter

Datacenter covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Date Completed

Date Completed covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Firewalls, IDS, IPS, and Networking

Firewalls, IDS, IPS, and Networking covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Application/Service Security

Application/Service Security covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub