Risk and Vulnerability Assessments

Cybercriminals are experts at exploiting vulnerabilities in network devices and web applications – all with the purpose of stealing money or sensitive information. Without knowing where your weaknesses lie, you risk becoming a victim of cybercrime. Let Consultiviti help you assess and highlight these vulnerabilities and provide recommendations on how to address them.

Our Risk and Vulnerability Assessments (RVA) assess threats and vulnerabilities, determine deviations from acceptable configurations and from enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations.

Key areas of this activity include, but are not limited to:

  • Network Mapping – consists of identifying assets on an agreed-upon IP address space or network range(s).
  • Vulnerability Scanning – comprehensively identifies IT vulnerabilities associated with customer systems that are potentially exploitable by attackers.
  • Phishing Assessment – includes activities to evaluate the level of awareness of the customer workforce with regard to a digital form of social engineering that uses authentic-looking but bogus emails to request information from users or direct them to a fake website that requests information. Phishing assessments can include scanning, testing, or both and can be conducted as a one-time event or as part of a larger campaign to be conducted over several months.
  • Wireless Assessment – includes wireless access point (WAP) detection, penetration testing or both and is performed while onsite at a customer’s facility.
  • Web Application Assessment – includes scanning, testing or both of outward-facing web applications for defects in Web service implementation that may lead to exploitable vulnerabilities. We provide a report on how to implement Web services securely and on the use of traditional network security tools and techniques to limit access to the Web service to only those networks and systems that should have legitimate access.
  • Operating System Security Assessment (OSSA) – assesses the configuration of select host operating systems (OS) against standardized configuration baselines.
  • Database Assessment – assesses the configuration of selected databases against configuration baselines in order to identify potential misconfigurations and/or database vulnerabilities.