The purpose of a Vulnerability Assessment is to undertake an exercise to determine the extent of vulnerability within an organisation's infrastructure components (servers, networks, desktops, applications, gateways, security appliances etc.).
Prior to any work being undertaken, our Security Consultants will work with you to determine the scope of the assignment based on your business objectives and the explicit requirements of the exercise. This is to ascertain whether the vulnerability assessment is in response to a direct threat or security breach, or is simply a peace-of-mind check to ensure systems are healthy and in good order. Perhaps as a company you are seeking to satisfy the needs of regulatory bodies or accreditors. Whatever the need or motivation, Thales can tailor a service to suit your requirements.
When the scope of the Vulnerability Assessment is agreed, a proposal is created and each proposal is tailored to your business requirements. Proposals also clearly indicate the work estimate and methodology to be undertaken.
The Vulnerability Assessment itself is undertaken using a combination of manual and automated tools and techniques. Professional and experienced Security Consultants will undertake analysis of the target infrastructure and its components in order to determine the existence and extent of vulnerability. The findings of the testing are normalised against good practice, your risk appetite, your business security objectives and requirements, and each asset's location and criticality (context analysis). All vulnerabilities are then categorised against the criteria of Criticality, Exploitability, Impact and Probability; this will draw out the real meaning to your business and provide "contextual" advice as to how this could potentially impact upon your organisation.
The reports are tailored to meet your explicit needs. We will deliver high-quality professional reports that clearly outline the vulnerabilities identified during the assessment and their potential to impact your business and, importantly, make recommendations for risk mitigation.
The reports are designed to be relevant and readable at all levels from the CIO/Board-level to the ICT teams responsible for the Systems.
We further aim to reduce technical jargon to a minimum whilst maintaining a high-quality and usable report. In addition, we are able to provide technical briefings and security awareness training to support the improvement of systems following on from the report once delivered.