Vulnerability Assessments & Risk Analysis

The SRG Vulnerability Management and Cyber Risk Analysis services deliver a comprehensive report detailing the exploits and possible threats to which your IT policies, procedures, networks and systems are vulnerable. We rate these exploits and threats according to their risk levels, name each one specifically and describe how it works.

This service tests a customer’s technology environment to assess business risks that may exist and that need to be addressed. These are point-in-time tests that provide the customer with additional cyber security information and provide another layer of due diligence as part of the customer’s overall cyber security program.

The most important element in any security program is to gain an understanding of security risks and vulnerabilities. These services provide that understanding so plans can be made to remediate the risk issues identified and improve overall security posture.

The assessment services are completed in four (4) major stages:

  1. Review and scanning
  2. Threat analysis
  3. Rescanning to confirm findings
  4. Detailed reporting including recommendations

Service Types

  • Web Application Assessments
    Internet-facing websites that expose or allow access to your corporate information. These assessments test the network to the website, the web application itself, the IT systems it runs on and the database behind the web application.
  • External Network (Wired/Wireless) Assessments
    Assessing the security of internet access points for risk.
  • Internal Network Assessments
    Assessing access within the confines of your internal environment.
  • Security Policy Assessment
    Assessing the effectiveness of existing security policies (strengths, weaknesses, gaps).
  • IT Operational Controls Review
    Providing an assessment of a customer’s current operational controls, both in general and specific to cyber security, mapped against industry best practices.
  • Threat Risk Assessment
    Assessing the overall security of both IT and corporate governance and compliance.
  • Privacy and Project Assessment
    Assessing privacy or project technology changes and their impact on the organization’s security posture.
  • Physical Assessments
    Assessing perimeter security.
  • Social Engineering (Physical and Logical)
    Assessing the maturity of security awareness within an organization.
  • IT Forensics
    Investigations pertaining to assessing a security breach on IT equipment.


  • Gain a clear understanding of any risk elements that exist in the customer environment.
  • Cyber security recommendations to meet business requirements.
  • Foundation for overall security strategy and architecture design.
  • Prioritize threats and corrective actions according to the risks.
  • Establish a security infrastructure that aligns with your business objectives.