Vulnerability Assessment

Vulnerability Assessment Services

Compliance mandates and security standards such as ISO 27001, HIPAA, PCI DSS, and others require organizations to conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the Confidentiality, Integrity, and Availability (CIA) of all sensitive, confidential information, and to complete this vulnerability assessment on a regular schedule.

The Technical Vulnerability Assessment Service covers several distinct components, including:

  • External Assessment
  • Internal Assessment
  • Firewall Assessment
  • Wireless Assessment
  • Social Engineering Assessment

In brief, the assessment involves the following stages:

  • Scope & preparation
  • Discovery & vulnerability analysis
  • Exploitation (penetration tests only)
  • Reporting & documentation

A subset of systems will be identified as in-scope on the external and internal networks, as applicable; these are the systems that will be scanned or tested. The objective of the vulnerability assessment is to identify potential security risks and vulnerabilities within these in-scope systems.

The data gathered is analyzed against policies, HIPAA regulations, standard best practices, and vendor security bulletins to determine potential risks and exposures to the computing environment. The results of these vulnerability scans and tests are to be used as the basis for determining the security posture and risk of other systems not directly tested.