Vulnerability Assessment
Technical Assistance Program
  1. Serve as independent, non-biased experts focused on helping organizations improve their cybersecurity position.
  2. Provide external validation that logical IT security controls have or have not been properly implemented.
  3. Provide reasonable assurance that new or modified processes put in place are or are not working as expected.
  4. Maintain client confidentiality in all security information projects.
What is a vulnerability assessment?

A vulnerability assessment is a thorough examination of your organization’s IT resources – in whole or as a sampling – in order to expose potential avenues that could be exploited to gain unauthorized access.

Not only does the vulnerability assessment include traditional scanning via commercial and open source tools, but that activity is coupled with a technical review and validation process that is based upon scripted information gathering and analysis focusing on operating systems and databases.

This takes vulnerability assessments one step further by also looking at the cybersecurity posture of the organization through analysis of its policies, key procedures/processes, and personnel attitudes toward security.

Assessment findings can include things such as inconsistent patch management processes, non-compliance with regulatory requirements, and defaults left in place. Our final deliverable to you is an executive summary of the assessment process and results, a detailed spreadsheet of the findings, and a list of prioritized recommendations with actionable information to mitigate vulnerabilities.

Why is a vulnerability assessment needed?

The foundation of any cybersecurity program is to have a full understanding of your own system.

While it is fairly straightforward to inventory all the hardware and software that comprises your network, it is much more difficult to know how all the various applications and configurations could have opened the door for a cyber attack.  Knowing the variety of ways your system could be exploited allows you to shut the door before it is discovered by someone else.

The targeted technical review and validation work performed by the Cyber Readiness Center can help management gain a degree of comfort that specific logical security processes, automated controls, and settings governing the organization’s IT are in place and working as expected.

Our vulnerability assessment not only helps determine vulnerabilities that could be exploited by external attackers, but also helps prevent the accidental cyber incident caused by someone internal to the organization.

Who should get an assessment?
  • Oil and gas organizations
  • Hospitals and other healthcare related entities
  • Manufacturing/supply chain companies
  • Military contractors
  • Local, state, and county jurisdictional departments/agencies
  • Financial institutions
  • Insurance companies
  • Higher education
  • School districts
  • Any organization needing to meet compliance
Where are the assessments performed?

Unlike other assessment services that look only at network vulnerabilities by accessing your system remotely and then conduct an automated analysis resulting in a highly templated findings document, the Cyber Readiness assessor will travel to the location of your servers and work side-by-side with your designated IT staff to ensure the most appropriate data is collected and documented.

This data collection step can take from three to five days depending on the scope of the project. The assessor then returns to analyze the data and report findings.

How much does a Cyber Readiness Center vulnerability assessment cost?

There is no fixed cost as the price is based on the unique scope of each project.  As part of the Texas A&M Engineering Extension Service, we operate on a complete cost recovery basis.  As preliminary discussions make clear the amount of time and travel required, a proposal with the statement of work, price, and timeframe will be presented for consideration.

How do we get started?

To learn more and discuss the parameters of your needs contact:

Paul Wiggins, CISSP

Program Manager

Manage Your Risk Better

Risk management in any organization is about maximizing the good and minimizing the bad. In order to effectively do this, the decision-makers need to have all the pertinent information in front of them. While risk management data for other operational processes can be obtained fairly easily, understanding the threats, potential loss, and probability of occurrence for IT systems is much more difficult because of the compounding factors. Our vulnerability assessment will reduce these uncertainties, allowing you to better manage the organization’s risk.

Technical Approach

The Cyber Readiness Center vulnerability assessment is conducted through both manual and automated tests. Our experienced team uses a multi-phased testing process utilizing a combination of commercial tools and custom scripts.  For a more complete and accurate assessment, we also identify control and process weaknesses that can be exploited by a cyber attacker or a malicious insider.

The overall approach involves:

  • Network vulnerability testing
  • Conformance with organizational policies
  • Process validation
  • Configuration review
  • Analysis of system-generated information, including:
    • Windows, Linux, and UNIX operating systems
    • MS SQL, Oracle, and MySQL databases

Get started with our vulnerability assessment services:

Step 1

Contact our specialist to discuss scope and schedule

Step 2

Proposal is delivered and contract executed

Step 3

Data is gathered via site-visit and VPN access

Step 4

Data is compiled and analyzed

Step 5

Findings and recommended actions are formulated

Step 6

Conference call briefing and final report delivered

Contact our resident vulnerability assessment expert to discuss your needs.

Andrew Jarrett