Technical Vulnerability Assessment
Identification and Management of Technical Vulnerabilities
Technical vulnerabilities are among the risks that an organization should identify regularly. These vulnerabilities may include missing patches on computing devices, misconfigurations accidentally introduced by staff members or consultants, or insecure network architecture. While the reasons are many, the result is the same: elevated risk to the confidentiality, integrity, and availability of your organization's sensitive information.
Vulnerability Management describes a program in which technical vulnerabilities are identified through testing, remediated when found, retested for verification, and managed by a system of policies, supporting procedures, and adequately trained personnel.
RISC Management & Consulting can assist your organization in performing comprehensive technical vulnerability testing. The Security Engineers at RISC use numerous best-in-class tools to establish a thorough view of your security posture. The output of these tools is used in a number of ways, including:
- Comparing security controls and system configuration to organizational policy.
- Comparing the state of security to compliance requirements such as HIPAA, PCI-DSS, and ISO 27002.
- Comparing the actual network architecture to the organization's understanding of the network architecture.
- Developing a technical vulnerability assessment report that provides a compliance, business, and technical review of the state of information security.
A RISC technical vulnerability test provides technical staff with the tactical information they need to remediate vulnerabilities quickly and accurately. RISC reporting provides clear identification of vulnerabilities as well as remediation steps and information, whenever it is available.
The RISC technical vulnerability assessment report also provides senior IT management with an overview of the state of security, the relative rating of impact and risk, and information in statistical and graphical formats suitable for Executive and Board-level reporting.
RISC Management & Consulting also takes the time to walk all of our clients through each section of the report to ensure complete understanding and maximum usefulness of the information.
After the Test - Remediation
A technical vulnerability test should be followed by necessary remediation activity. An organization can leverage the information in the report to focus the efforts of limited IT resources on remediating the highest priority vulnerabilities and the most sensitive systems. RISC Management & Consulting can assist your organization in developing priorities, identifying timelines, developing project planning tools, documenting efforts, assisting with remediation, and performing post-remediation verification testing.
Program Components
Additionally, RISC can assist you, or even develop for you, the necessary vulnerability management program documents such as:
- Policies
- Procedures
- Schedules
- Checklists
All of these components are required to demonstrate an adequate vulnerability management program. Program components should be developed and ready in the event of an audit. Don't wait until after your information has been compromised to find out if vulnerabilities are being adequately managed!
Vulnerability Assessment Depth
RISC can perform technical vulnerability assessments at a level of depth that is appropriate for your organization and your data security needs and priorities. RISC offerings begin with vulnerability scanning and escalate in intensity, verification, and analysis. RISC offers the following levels of technical assessment:
- Vulnerability Assessment Scanning
- Penetration Testing (PEN Test)
- Application & Web Fuzz Testing
- Black Box Testing
- White Box Testing