WebsiteSecurity is an initiative by which Bayer attempts to objectively assess the vulnerabilities of its internet websites. Given the ever increasing importance of the internet, the possible risks associated with such vulnerabilities are ongoing and increasing.
To be effective WebsiteSecurity must actively scan for known vulnerabilities. Hosting companies must, therefore, understand the nature of the scans and agree for them to be carried out. Website owners must make sure that their providers are aware of this requirement and agree to allow scans to be carried out by signing a Penetration Test Agreement with Bayer.
WebsiteSecurity scans are carried out on a regular basis, and hosting companies are informed in advance when a scan is scheduled. They are also required to assign a contact person who can liaise with the Corporate Cyber Defense Center (CCDC) in the case of problems.
Website owners and webmastets are subsequently informed by the CCDC of any possible issues (cause, possible consequences and necessary changes). It is expected that any changes that must be made as a result of the scans will be made without charge. A prompt reaction to any findings by WebsiteSecurity is important for the security of the relevant website.
The results of all tests and subsequent actions are collated and maintained within a database and reported to the CIO Office and the relevant security officer.