Vulnerability Analysis
Security maturity business interview, technical interview, network scans, closing with a consultative Executive Briefing.
Security maturity business interview, technical interview, network scans, closing with a consultative Executive Briefing.
|
The Vulnerability Analysis is an educational assessment that provides you a snapshot of the state of security in your business and immediate and mid-term guidance for practical risk reduction.
|
Figure 1 - A snippet of the Plain Language Summary included with the assessment.
|
Figure 2 - Security Lifecycle Analysis, explaining the state of Protection, Detection, and Response.
|
We gather data through a series of technical scans, open-source intelligence (OSINT), interviews, and other discretionary techniques. The output of these processes are then collectively interpreted and used to produce a customized Executive Summary.
The project concludes with an interactive executive briefing with prioritized findings and guidance for security maturity. After the briefing, the written summary and any supporting documentation will be delivered electronically. These deliverables may be used either internally or with 3rd parties to guide risk reduction efforts. |
How we do it
- Data Gathering: Conduct business and technical interviews, network scans, and open-source intelligence gathering
- Data Processing: Analyze the data gathered and build an executive summary
- Consultative Briefing: Present findings and provide collaborative guidance for improving security maturity
Conclusion: Consultative Briefing
|
The Vulnerability Analysis ends with a consultative executive briefing for company leadership and technical lead(s). During the meeting, we review findings in an executive summary report and discuss prioritized recommendations to provide direction for your growth in security maturity.
|
Figure 3 - Snippet of the Next Steps section of the summary report.
|
Prioritized Recommendations
Figure 4 - A snippet of the technical remediation punch-list.
|
Inputs
|
FAQ
What’s the difference between a Vulnerability Analysis and a Vulnerability Assessment?
What’s the difference between a Vulnerability Analysis and a Vulnerability Assessment?
- A Vulnerability Analysis is a process of combining objective technical scan findings with an understanding of your business priorities gained through a personal interview. It results in a customized executive summary and a consultative final briefing. It’s focused on collaborative planning for security maturity.
- A Vulnerability Assessment is typically a set of technical scan reports. It may or may not come with a customized interpretation for your business, but briefings are generally technical in nature.
In short, an Assessment is a list of technical things that are wrong and which you need to do something about. There is much variability in whether you’ll receive strategic or tactical business guidance related to technology.
- This is most beneficial for organizations of any size with low-to-moderate security maturity
- This assessment will give very practical, prioritized guidance to improve the overall security maturity of the organization
- No, this is based on live interviews, open-source research, and a review of technical settings on various devices
- We believe that penetration tests are often a waste of money until an organization reaches a moderate-to-high security maturity level; the money saved on penetration testing can be spent remediating real problems, therefore this vulnerability analysis can be used to determine if a penetration test will be cost-effective
- No, this is not an audit
- Since this analysis produces security best-practice recommendations, it may assist with compliance, but it is not designed to be a compliance consultation; "compliance" is a broad topic and you would need to pursue a gap analysis for the specific regulation/standard for which you're seeking compliance