The purpose of a Vulnerability
Assessment is to undertake an exercise to determine the extent of vulnerability
within an organisation's infrastructure components (servers, networks,
desktops, applications, gateways, security appliances etc.).
Prior to any work being undertaken
our Security Consultants will work with you to determine the scope of the
assignment based on your business objectives and the explicit requirements of
the exercise. This is to ascertain whether the vulnerability assessment is in
response to a direct threat or security breach, or simply a peace-of-mind
check to ensure systems are healthy and in good order. Perhaps as a company you
are seeking to satisfy the needs of regulatory bodies or accreditors. Whatever
the need or motivation, Thales can tailor a service to suit your requirements.
When the scope of the Vulnerability
Assessment is agreed, a proposal is created and each proposal is tailored to
your business requirements. Proposals also clearly indicate the work estimate
and methodology to be undertaken.
The Vulnerability Assessment itself
is undertaken using a combination of manual and automated tools and techniques.
Professional and experienced Security Consultants will undertake analysis of
the target infrastructure and its components in order to determine the
existence and extent of vulnerability. The findings of the testing are
normalised against good practice, your risk appetite, your business
security objectives and requirements, and the assets' location and criticality
(context analysis). All vulnerabilities are then categorised against the criteria
of Criticality, Exploitability, Impact and Probability. This will draw out the
real meaning to your business and provide "contextual" advice as to
how this could potentially impact upon your organisation.
The reports are tailored to meet
your explicit needs and we will deliver high quality professional reports that
outline clearly the vulnerabilities identified during the assessment, their potential
to impact your business and importantly the report makes recommendations for
The reports are designed to be
relevant and readable at all levels from the CIO/Board-level to the ICT teams
responsible for the Systems.
We further aim to reduce technical
jargon to a minimum whilst maintaining a high-quality and usable report. In
addition, we are able to provide technical briefings and security awareness
training to support the improvement of systems following on from the report