Scottish Cyber Coordination Centre - vulnerability coordination: policy and procedure
Outlines the policy and procedure for the Scottish Cyber Coordination Centre (SC3) to alert Scottish public sector organisations to cyber-attacks that exploit a previously unknown vulnerability and, where appropriate, to coordinate their responses.
Individual Organisations - NCSC Vulnerability Disclosure Service and Advice:
3.1 SC3 encourages organisations to recognise that it is helpful to have an open and clear policy on external identification and reporting of network vulnerabilities.
3.2 SC3 advises organisations to follow the NCSC advice and guidance on vulnerability management for the public sector.[1]
3.3 Security vulnerabilities are discovered all the time, and ethical hackers / vulnerability researchers should be encouraged to report through appropriate channels. The NCSC's Vulnerability Disclosure Toolkit[2] contains the essential components an organisation needs to set up its own vulnerability disclosure process. This updated version also includes additional information on implementing a disclosure process, including validation and triage.
3.4 SC3 advises organisations to regularly monitor the CISA Known Exploited Vulnerability Catalog[3] for all known and exploited vulnerabilities.
Contact
Email: SC3@gov.scot