Understand your organisation’s technical vulnerabilities.
What is technical vulnerability assessment?
Technical vulnerability assessment covers a broad range of activities intended to determine, through primarily technical means, the degree to which an organisation, system, or information asset is exposed to potential compromise, the impact of such a compromise, and the likelihood of it occurring.
Technical vulnerability assessment feeds into risk management by providing objective information that can be used to determine organisational impact and absolute risk level.
Similarly, it is not a replacement for penetration testing, but could be considered more of a supportive or adjunctive service, providing additional information to better scope or interpret the results of penetration testing activities.
There are different types of technical vulnerability assessment activity, and a wide range of approaches that can be taken. These should be driven primarily by internal risk management and security strategy, but will typically fall into the following categories.
Primarily automated detection and reporting of technical vulnerabilities affecting systems, this is a common mechanism for obtaining a quick overview of the technical security of a system or application. Many compliance requirements include an expectation of regular automated vulnerability scanning.
A detailed inspection of system, network or appliance configuration, this service validates that a chosen configuration is in line with both security best practice and organisational goals – making recommendations where these disagree or where the configuration falls short.
Firewall Rule Audit
A detailed inspection and review of the rules configured on physical firewall appliances and virtual firewalls installed on individual hosts, this service aims to provide assurance that our clients don’t permit traffic into or out of their networks that they aren’t expecting.
Internet and Social Media Profile
A review of public information exposed by the organisation, possibly unintentionally, which could be of value to an attacker.