A key requirement of compliance mandates and security standards such as ISO 27001, HIPAA, PCI DSS, and others is that organizations conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the Confidentiality, Integrity, and Availability (CIA) of all sensitive, confidential information. These mandates also require that this vulnerability assessment be completed on a regular schedule.
The Technical Vulnerability Assessment Service supports several distinct components, including:
The following are, in brief, the stages involved in the assessment:
A subset of systems will be identified as in-scope for both the external and internal networks, as applicable; these are the systems that will be scanned/tested. The objective of the vulnerability assessment is to identify potential security risks and vulnerabilities within these in-scope systems.
Data gathered is analyzed against policies, HIPAA regulations, standard best practices, and vendor security bulletins in order to determine potential risks and exposures to the computing environment. The results of these vulnerability scans/tests are to be used as the basis for determining the security posture and risk of other systems not directly tested.