The DigiTrust Group: Los Angeles Information Security Consultants

Vulnerability Assessment Frequently Asked Questions

A vulnerability assessment can dramatically improve the security of your organization by exposing security problems within it. We have created the following FAQ to address questions commonly asked by executives.

1. What is a vulnerability assessment?
2. Why are vulnerability assessments important?
3. Should vulnerability assessments look at more than just external systems?
4. We've already had a firewall installed, do we still need a vulnerability assessment?
5. Will your testing for vulnerabilities interrupt my network?
6. Can my IT staff perform a vulnerability assessment?
7. What is the difference between a vulnerability assessment and a penetration test?
8. What will be delivered to me after the assessment is completed?
9. Isn't a vulnerability assessment something that only large companies can afford?
10. What if I'm not convinced that my company needs a vulnerability assessment?

What is a vulnerability assessment?

Vulnerability assessments are security tests that are used to determine if your network is susceptible to attack. They are most comprehensive and effective when done using a combination of manual techniques and automated vulnerability assessment software.

Why are vulnerability assessments important?

Consider the famous quote from Watts Humphrey, “If you don’t know where you are, a map won’t help.” Vulnerability assessments allow organizations to find out exactly where they stand from a security perspective. In addition to providing critical information on tactical vulnerabilities that would allow an attacker access to your most sensitive information, vulnerability assessments also help to strategically identify non-technical opportunities to enhance your information security posture.

Should vulnerability assessments look at more than just external systems?

Absolutely; vulnerability assessments need to take all of the organization’s technology into account. Proper, best-in-class vulnerability assessments include examining areas such as the following:

  • Internal Hosts
  • External Hosts
  • Network Devices
  • Commercial Off-The-Shelf Applications
  • Telephones (VoIP and POTS)
  • Custom Applications
  • Security Devices

We've already had a firewall installed, do we still need a vulnerability assessment?

Yes, because firewalls serve a highly specific purpose and are not a panacea for security. Relying only on a firewall is much like having a lock on the front door of your home but leaving all of the windows open. Even with a firewall, you still have to look at issues such as device-level configuration, patch levels of available services, strength of usernames and passwords, the technology mix in use, and the network architecture.

Will your testing for vulnerabilities interrupt my network?

Unless Denial of Service attacks are specifically requested, disrupting your business resources is not our intention, and our methodologies have been specifically crafted to make service disruption nothing more than a remote possibility.

Can my IT staff perform a vulnerability assessment?

This of course depends on the information security capabilities of your staff. To answer this question, consider the following:

  • What security certifications does your staff currently hold, such as CISSP, CISA, CISM, CEH, Security+?
  • What information security training courses have your IT staff members undergone?
  • How long have they been performing information security assessments?
  • What industry standard methodology and tools do they use to perform the assessments?

In general, we typically find that assessments are best performed by independent third parties. Think of it like trying to proofread your own essay; after having written the entire document, you are bound to overlook your own errors.

What is the difference between a vulnerability assessment and a penetration test?

A vulnerability assessment is designed to enumerate the threats to your internal critical resources; penetration testing, alternatively, is designed to exploit vulnerabilities as a proof-of-concept. Penetration tests are intended for organizations that have developed strong information security practices over time and are ready to put their efforts to the test. Vulnerability assessments are intended for organizations of all sizes and maturity levels and tend to be utilized more often.

What will be delivered to me after the assessment is completed?

At the conclusion of our vulnerability assessments, we provide three distinct items:

  • Executive Summary Risk Matrix
  • Detailed Technical Findings with Remediation Steps
  • Strategic Next-Step Recommendations

We designed our deliverables to allow your staff to quickly remediate identified problems, both at a strategic and tactical level.

Isn't a vulnerability assessment something that only large companies can afford?

Quite the contrary; vulnerability assessment pricing is directly linked to scope. Therefore, smaller companies will pay less for a vulnerability assessment than a larger company would, as they have fewer devices, applications, and users.

What if I'm not convinced that my company needs a vulnerability assessment?

We would be happy to show you otherwise. We offer a complimentary information security consultation to qualified companies in the Los Angeles area. Contact us for more information.
