A full Vulnerability and Risk Assessment analyzes policies, procedures, architecture, configurations, hardware and software to identify potential strategic cyber security threats and the potential consequences of exploitation for both IT and OT systems.
Scope of Assessment
Policies
Comprehensive IT policy review
Disaster recovery plan review
Business continuity plan review
Device and media control policy review
Security incident procedure review
Log monitoring process review
Workforce security policy review
Workforce “hire and fire” policy review
Risk management process review
Infrastructure
Backup power, UPS and generator capacity
Facility cooling capacity and redundancy
Server wiring and cabling
Server rack infrastructure
Application Scanning
Discovery of all internal web applications
Application vulnerability assessment
Application server vulnerability scanning
Servers & Systems
- Server inventory including detected OS’s
- Server vulnerability reports
Server resource utilization
Server backup processes
- Redundancy / high availability configuration
- Anti-virus/anti-malware systems
IT asset inventory processes
- Server update processes
Identity and authentication systems
Information Security
Sensitive data inventory
Data classification
Data risk analysis
Data encryption review
Access authorization procedures access controls
Network
- Complete network discovery mapping
Discovered network inventory list
- Internal network device vulnerability scan
- External network device vulnerability scan
- Firewall vulnerability scan
- IDS/IPS review
- Spam filtering review
- Web filter device review
Data loss prevention systems review
