Presidio’s methodology, as it pertains to risk and vulnerability assessments, is unique in the industry. Not only have we adopted standards such as ISO27005 and NIST 800-30 in improve the reliability and portability of our assessments, but we have also developed an approach that goes far beyond what any other vendor will provide. Presidio’s methodology combines the use of security tools, controls testing, governance review, and architecture evaluation in a way that is second to none, and superior in nearly every to the tradition approach to security testing. Our approach breaks the mold and has set a new standard for risk assessments.
In addition to this, we provide deliverables and reports that evaluate risk in a way that it is meaningful to each organization we work with so that it reflects a customer’s “true” risk. We consider factors beyond CVE and CVSS scores, and evaluate pervasiveness, likelihood, and business impact so that an organization’s actual risk can be clearly understood and properly acted upon. Our reports are custom written and include a complete Risk Register that will help guide and direct the remediation process. Our nearly 10 years of experience in risk management has allowed us to mature our offering and service so that you, the customer, truly benefit.
The Presidio vulnerability/risk assessment offering includes assessment of all of the following areas of your organization:
- Governance – Assessment of frameworks, policies, procedures, and processes related to information security.
- Regulatory Requirements – High-level assessment of compliance with an identified regulatory standard.
- External Systems – Vulnerability scanning and validation against Internet-accessible IP addresses.
- Internal Systems – Vulnerability scanning and validation against internal IP address ranges and configuration review of all internal systems.
- Wireless Infrastructure – Physical assessment of wireless network coverage and security from an on-site perspective.
- Telephony – War-dialing tests against organization-controlled phone numbers.
- Web Applications – In-depth assessment of Web application security.
- Penetration Testing – Activities designed to emulate an actual attack and attempt to access and obtain organizational data.
- Physical Security – On-site assessment of the physical security attributes of in-scope locations.
- Social Engineering – Customized social engineering attacks testing the effectiveness of existing employee information security awareness and training.
- Malware – Analysis of Internet traffic to determine if any internal hosts have been compromised.
In addition, inexpensive follow-up assessment after a period of time validates identified risks that have been directly remediated.
A clear and comprehensive picture of current risk levels and clear direction as to how best to act upon those risks. Contact Presidio today to start getting the answers you need.
Contact us to learn more about our Cyber Security Solutions.