The overall objective of the engagement is to test, investigate, analyze, and report on the level of risk associated with any security vulnerabilities discovered during the assessment. The goal is to provide your organization with appropriate mitigation strategies to address those vulnerabilities. The Risk-Based Security Vulnerability Assessment methodology has been designed to comprehensively identify, classify and analyze known vulnerabilities in order to recommend the right mitigation actions to resolve them.
As a part of this engagement, X10 Technologies will deliver the following services:
Asset Identification
This step aims to identify and classify all assets that form the environment under review, including network devices, applications, servers, networks, external entities, etc. The objective is to enumerate each asset to ensure all assets are properly accounted for and, where possible, risk-rank assets to enable evaluation of risks based on asset rankings in subsequent phases.
Threat and Vulnerability Assessment
This step utilizes common approaches, including internal and external penetration testing, as well as policy, governance and operational reviews to evaluate potential weaknesses at the technical and operational layers, and maps these weaknesses to known threats utilizing a threat model suitable to the organization’s industry and size.
Risk Assessment
During this step, the weaknesses and threats identified in the prior step are evaluated in the context of organization-specific considerations, resulting in a prioritized list of issues and recommendations to address, as well as an overall cybersecurity scorecard for organizational management to measure progress on a year-to-year basis.
Recommendations
As a final step, the prioritized list of risks identified in the prior step is utilized to generate a cybersecurity improvement roadmap. This roadmap will consist of prioritized, practical recommendations to address technical weaknesses and/or improve operational practices.