A vulnerability assessment is a thorough examination of your organization’s IT resources – in whole or as a sampling – in order to expose potential avenues that could be exploited to gain unauthorized access.
The vulnerability assessment includes traditional scanning with commercial and open source tools, and that activity is coupled with a technical review and validation process based on scripted information gathering and analysis focusing on operating systems and databases.
This takes vulnerability assessments one step further by also looking at the cybersecurity posture of the organization through analysis of its policies, key procedures/processes, and personnel attitudes toward security.
Assessment findings can include things such as inconsistent patch management processes, non-compliance with regulatory requirements, and defaults left in place. Our final deliverable to you is an executive summary of the assessment process and results, a detailed spreadsheet of the findings, and a list of prioritized recommendations with actionable information to mitigate vulnerabilities.
The foundation of any cybersecurity program is to have a full understanding of your own system.
While it is fairly straightforward to inventory all the hardware and software that make up your network, it is much more difficult to know how all the various applications and configurations could have opened the door for a cyber attack. Knowing the variety of ways your system could be exploited allows you to shut the door before the opening is discovered by someone else.
The targeted technical review and validation work performed by the Cyber Readiness Center can help management gain a degree of comfort that specific logical security processes, automated controls, and settings governing the organization’s IT are in place and working as expected.
Our vulnerability assessment not only helps determine vulnerabilities that could be exploited by external attackers, but also helps prevent the accidental cyber incident caused by someone internal to the organization.
Unlike other assessment services that look only at network vulnerabilities by accessing your system remotely and then conduct an automated analysis resulting in a highly templated findings document, the Cyber Readiness assessor will travel to the location of your servers and work side-by-side with your designated IT staff to ensure the most appropriate data is collected and documented.
This data collection step can take from three to five days depending on the scope of the project. The assessor then returns to analyze the data and report findings.
There is no fixed cost as the price is based on the unique scope of each project. As part of the Texas A&M Engineering Extension Service, we operate on a complete cost recovery basis. As preliminary discussions make clear the amount of time and travel required, a proposal with the statement of work, price, and timeframe will be presented for consideration.
To learn more and discuss the parameters of your needs, contact:
Risk management in any organization is about maximizing the good and minimizing the bad. To do this effectively, the decision-makers need to have all the pertinent information in front of them. While risk management data for other operational processes can be obtained fairly easily, understanding the threats, potential loss, and probability of occurrence for IT systems is much more difficult because of the compounding factors. Our vulnerability assessment will reduce these uncertainties, allowing you to better manage the organization’s risk.
The Cyber Readiness Center vulnerability assessment is conducted through both manual and automated tests. Our experienced team uses a multi-phased testing process utilizing a combination of commercial tools and custom scripts. For a more complete and accurate assessment, we also identify control and process weaknesses that can be exploited by a cyber attacker or a malicious insider.
The overall approach involves: