VULNERABILITY ASSESSMENT

Know the Threats to Your Information Systems Before the Wrong People Do

Our Methods

Assessments are used to identify, validate, and assess technical vulnerabilities. Assessments are required by NIST compliance requirements such as the DFARS/FAR CUI regulation. An assessment is not meant to take the place of implementing security controls, but rather to help organizations confirm their systems are properly secured and identify any security requirements that are not met or that should be addressed. Without an understanding of your security threats, you are in a dangerous position. Attackers prey on systems that lack proper security controls. Most organizations whose systems are attacked don’t even know it, and most of those attacks go undetected for months. This could be the difference between being in business and being out of business.
DCS Method

Each of your systems connected to the Internet could be at risk

Vulnerability Testing Benefits

No organization wants to find out where their weaknesses are when they least expect it. Vulnerability assessments give you a holistic view of your information systems, not just the vulnerabilities that are on the network.

Comprehensive and Holistic

It provides peace of mind that the system has been looked at from a physical, technical, environmental, and operational point of view.

Efficiency in ROI

There is a defined path to reduce discovered vulnerabilities in order of best return on investment. For example, if you patch a particular server, that may clear up 40% of the overall threats.

Remediation Plan

You will be able to spend your remediation time working on the threats that are of most concern, not just those with the highest score on the Mitre CVSS ranking.

Repeatable Process

Threats change, people change, infrastructure changes. Therefore, you will also understand when to assess the system again (annually, bi-annually, quarterly, monthly), on the schedule that makes the most sense for your environment, saving you money and providing the best balance for your needs.

How we do it

Duffy Compliance Services’ (DCS) enterprise management application ensures compliance

How Service is Conducted

Review of the following areas of the information system:
  • Technical (the common, network-based threats such as phishing, misconfigurations, unpatched devices, and malware)
  • Operational (procedures, insider threats, rogue devices used to bypass security)
  • Physical (lighting, locks & card access, front entry access, escape routes, camera)
  • Environmental (heat, moisture, fire, flood, weather, crime)

Deliverables

Information is collected into a report and the client is debriefed on the results. The report will explain the findings and how they relate to the information system. The final report section will contain a plan of action with remediation steps that the client can use to implement a more robust security posture.

Why Choose us?

DCS has worked on several large testing efforts for vulnerability assessments. These include DHS and a division of the NFL Players Association. We are equipped to handle security controls from across the different information system areas.