Infosec Consulting
Vulnerability Analysis
Security maturity business interview, technical interview, network scans, closing with a consultative Executive Briefing.

The Vulnerability Analysis is an educational assessment that gives you a snapshot of the state of security in your business, along with immediate and mid-term guidance for practical risk reduction.
Sample Plain Language Summary
Figure 1 - A snippet of the Plain Language Summary included with the assessment.

Security Lifecycle Analysis
Figure 2 - Security Lifecycle Analysis, explaining the state of Protection, Detection, and Response.
We gather data through a series of technical scans, open-source intelligence (OSINT), interviews, and other discretionary techniques. The outputs of these processes are then collectively interpreted and used to produce a customized Executive Summary.
The project concludes with an interactive executive briefing with prioritized findings and guidance for security maturity. After the briefing, the written summary and any supporting documentation will be delivered electronically. These deliverables may be used either internally or with 3rd parties to guide risk reduction efforts.

How we do it
  1. Data Gathering: Conduct business and technical interviews, network scans, and open-source intelligence gathering
  2. Data Processing: Analyze the data gathered and build an executive summary
  3. Consultative Briefing: Present findings and provide collaborative guidance for improving security maturity

Conclusion: Consultative Briefing
The Vulnerability Analysis ends with a consultative executive briefing for company leadership and technical lead(s). During the meeting, we review findings in an executive summary report and discuss prioritized recommendations to provide direction for your growth in security maturity.
Figure 3 - Snippet of the Next Steps section of the summary report.

Prioritized Recommendations
Technical punch list
Figure 4 - A snippet of the technical remediation punch-list.
Inputs
  • Security maturity interview
  • External vulnerability scan
  • Internal vulnerability scan
  • Open-source intelligence gathering (OSINT)
Outputs
  • Educational executive summary briefing with business-focused, prioritized findings
  • Consultative security maturity guidance
  • Technical remediation punch list
  • Technical vulnerability scanner reports (supporting documentation)

FAQ
What’s the difference between a Vulnerability Analysis and a Vulnerability Assessment?
  • A Vulnerability Analysis is a process of combining objective technical scan findings with an understanding of your business priorities gained through a personal interview. It results in a customized executive summary and a consultative final briefing. It’s focused on collaborative planning for security maturity.
  • A Vulnerability Assessment is typically a set of technical scan reports. It may or may not come with a customized interpretation for your business, but briefings are generally technical in nature.
    In short, an Assessment is a list of technical things that are wrong and which you need to do something about. There is much variability in whether you’ll receive strategic or tactical business guidance related to technology. 
Who should purchase THIS vulnerability analysis? / Who is this for?
  • This is most beneficial for organizations of any size with low-to-moderate security maturity
  • This assessment will give very practical, prioritized guidance to improve the overall security maturity of the organization
Is this a pentest / penetration test / hacking?
  • No, this is based on live interviews, open-source research, and a review of technical settings on various devices
  • We believe that penetration tests are often a waste of money until an organization reaches a moderate-to-high security maturity level; the money saved on penetration testing can be spent remediating real problems. This vulnerability analysis can therefore be used to determine whether a penetration test will be cost-effective
Is this an audit? Will this make me compliant?
  • No, this is not an audit
  • Since this analysis produces security best-practice recommendations, it may assist with compliance, but it is not designed to be a compliance consultation; "compliance" is a broad topic and you would need to pursue a gap analysis for the specific regulation/standard for which you're seeking compliance

Contact Us
​913-204-0227