When the scope of the Vulnerability Assessment is agreed, a proposal is created and each proposal is tailored to your business requirements. Proposals also clearly indicate the work estimate and methodology to be undertaken.
The Vulnerability Assessment itself is undertaken using a combination of manual and automated tools and techniques. Professional and experienced Security Consultants will undertake analysis of the target infrastructure and its components in order to determine the existence of and the extent of vulnerability. The findings of the testing are normalised using against good practice, your risk appetite, your business security objectives and requirements and the assets location and criticality (context analysis). All vulnerabilities are then categorised against a criteria of Criticality, Exploitability, Impact and Probability – this will draw out the real meaning to your business and provide "contextual" advice as to how this could potentially impact upon on your organisation.
The reports are tailored to meet your explicit needs and we will deliver high quality professional reports that outline clearly the vulnerabilities identified during the assessment, their potential to impact your business and importantly the report makes recommendations for risk mitigation.
The reports are designed to be relevant and readable at all levels from the CIO/Board-level to the ICT teams responsible for the Systems.
We further aim to reduce technical jargon to a minimum whilst maintaining a high-quality and usable report. In addition, we are able to provide technical briefings and security awareness training to support the improvement of systems following on from the report once delivered.