Vulnerability assessments are an integral component of a comprehensive security program. In fact, a well-functioning vulnerability management system, including testing and remediation, is often cited by industry standards and regulatory bodies as an essential requirement for security and mandatory for compliance.
What is a Vulnerability Assessment?
The US National Institute of Standards and Technology (NIST) defines a vulnerability as “a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.” Thus, a vulnerability is a weakness that can be exploited by adversaries to advance their goals.
Cyber security professionals are trained to consider vulnerabilities from a technical perspective, such as flaws identified in software platforms or configuration issues that can be leveraged by an attacker to gain access.
How can a Vulnerability Assessment help your business?
Johnson Technical Security’s Vulnerability Assessments help you stay ahead of cyber criminals. Our regularly updated scan engine identifies external network vulnerabilities so you can keep your data safe. Vulnerability scanning identifies top risks such as misconfigured firewalls, malware hazards and remote access vulnerabilities, and can be used to meet cyber security or compliance mandates.
Scope of Work:
• Planning and Defining Scope
• Gathering Information on the Infrastructure
• Internal Network Scan
• External Network Perimeter Scan
• Report Findings
Step 1: The cyber security team identifies how business processes are carried out in the organisation and agrees the assessment scope with the business.
Step 2: The security team will gather information about the hardware and software present in the network environment. More specifically, the team determines whether the network has open ports or services that shouldn’t be open and gains an understanding of the software and driver configurations. They will also identify virtual and physical servers, as well as the security measures already in place, such as firewalls and intrusion detection and prevention systems (IDS/IPS).
Step 3: The security team will use a variety of scanning tools, which will be configured once the necessary information on the network has been gathered. The internal and external scans will then be carried out to accomplish the desired results.
Step 4: The security team will provide the organisation with a report containing the list of vulnerabilities, mentioning their severity level (low, medium or high) and defining corrective measures to reduce risks.
Contact our team for more information – email us on email@example.com or call us on 01277 888799