Vulnerability Assessments & Risk Analysis
The SRG Vulnerability Management and Cyber Risk Analysis services deliver a comprehensive report that includes detailed information about exploits and possible threats to which your IT policies, procedures, networks and systems are vulnerable. We rate these exploits and threats according to their risk levels along with detailed information about the exploits and threats, specifically naming them and describing how they work.
This service tests a customer’s technology environment to assess business risks that may exist and that need to be addressed. These are point-in-time tests that provide the customer with additional cyber security information and provide another layer of due diligence as part of the customer’s overall cyber security program.
The most important element in any security program is to gain an understanding of security risks and vulnerabilities. These services provide that understanding so plans can be made to remediate the risk issues identified and improve overall security posture.
The assessment services are completed in four (4) major stages:
- Review and scanning
- Threat analysis
- Rescanning to confirm findings
- Detailed reporting including recommendations
- Web Application Assessments
Internet-facing websites that expose or allow access to your corporate information. These assessments test the network to the website, the web application itself, the IT systems they run on and the database behind the web application.
- External Network (Wired/Wireless) Assessments
Assessing the security of internet access points for risk.
- Internal Network Assessments
Assessing access within the confines of your internal environment.
- Security Policy Assessment
Assessing the effectiveness of existing security policies (strengths, weaknesses, gaps).
- IT Operational Controls Review
Providing an assessment of a customer’s current operational controls in general and specific to cyber security mapped against industry best practices.
- Threat Risk Assessment
Assessing the overall security of both IT and corporate governance and compliance.
- Privacy and Project Assessment
Assessing privacy or project technology changes and their impact on the organization’s security posture.
- Physical Assessments
Assessing perimeter security.
- Social Engineering (Physical and Logical)
Assessing the maturity of security awareness within an organization.
- IT Forensics
Investigations pertaining to assessing a security breach on IT equipment.
- Gain a clear understanding of any risk elements that exist in the customer environment.
- Cyber Security recommendations to meet business requirements.
- Foundation for overall security strategy and architecture design
- Prioritize threats and corrective actions according to the risks
- Establishes a security infrastructure that aligns with your business objectives