Assessing risk is one of the main components in the Interagency
Guidelines Establishing Standards for Safeguarding Customer
Information. In order to manage and control your risk, it is crucial
to identify vulnerabilities that intruders may be able to exploit.
An IT vulnerability assessment on any outside connections to your
institution will test your defenses against thousands of known
utilities and techniques from the ever-growing hacker community. The
result is a preventative report that will identify the severity of
the deficiencies in your network defenses and a comparison with
other institutions’ results. Regularly scheduled IT vulnerability
assessments are an essential component in your information security
program.
Vulnerability Assessment options:
- Comprehensive IT Vulnerability Assessment / Risk Assessment (cVRAPT)
- External IT Vulnerability Risk Assessment & Penetration Testing (eVRAPT)
- Internal IT Vulnerability Assessment (iVRA)
Each engagement is unique and Mile2 Assessors will
dynamically introduce attack methods relative to the vulnerabilities
identified. Our attacks are designed to mimic the actions and
techniques of a hacker. IT Vulnerability Assessments will include
but not be limited to the following:
The Final Report will provide detailed information in the
following format:
Finding: Mile2 will clearly identify the vulnerability and in what
manner it was discovered.
Risk: Indicates the potential for
damage if an attacker exploited the vulnerability. Risks in this
report are delineated in the following categories:
High – Severe: This level of risk is most serious as it relates to an
actual or imminent breach in network security. Threats listed as
Severe require immediate attention and remediation.
High: Findings with this level of risk are serious deficiencies that
can or will result in serious breaches in the network's ability to
maintain its security posture. Findings whose vulnerabilities require
little or no technical experience to exploit are listed in this
category.
Medium: Findings listed as medium indicate that, while exploitation of
the listed vulnerability would cause only minimal damage or
information leaks, the threat should still be remedied.
Low: Findings in this section may
not present an actual threat. The inclusion of a finding in this
category indicates a policy or procedure that is not in keeping
with industry best practices for logical and physical security
controls.
Informational: Informational findings either do not relate to
network security or highlight unique strengths in the security
posture of the network.
Domain: A majority of network deficiencies are attributable to one of
three categories: Confidentiality, Integrity, and Availability. In
some cases, a finding might overlap domains, and your report will
indicate which of the domains, one or all, your finding relates to.
Recommendation: Mile2 will provide
clear and concise recommendations as to the proper method of
vulnerability mitigation. These detailed instructions typically
include both logical and technical solutions for dealing with risks
appropriately. Recommendations generally include but are not limited
to the following: Sample configurations, Patch and service pack
recommendations, Training – Technical and/or Security Awareness,
Best Practice recommendations, Vendor specific recommendations.
Full documentation of our work will
be maintained and printouts of such work are included as part of the
Final Report. Upon completion an Exit Interview will be scheduled
with the Client’s internal review committee.