Vulnerability assessments are intended to identify, evaluate, and prioritize potential security vulnerabilities within an organization’s systems, including information technology and communications systems. Organizations are able to assess risks that might be associated with any weaknesses or evolving threats that are discovered through the vulnerability assessment, and in turn, formulate solutions to prevent a breach from occurring. By conducting vulnerability assessments regularly, organizations will have a better understanding of any security flaws and potential risks within their environment so they can make improvements.
Technical Framework’s vulnerability assessments are designed to identify, quantify, and rank risks based on a system’s vulnerability to the following threats.
- Malware: Malicious software that is intended to damage or take partial control of a computer, device, or network for illicit gains or illegal activity (e.g. data and credential theft, vandalism, spying).
- Ransomware: A type of malware that is planted on a computer or network illegally and encrypts the data until the organization pays a ransom to have the data decrypted.
- Zero-day threats: A security threat that has never been seen by developers and therefore no patch exists to fix or prevent an attack.
- Intrusions: An intentional wide-range breach that could negatively impact a system’s network security, performance, safety, and reliability. Examples include exploited applications, computer worms, Trojan viruses/malware, software vulnerabilities, and other malicious traffic.
- Spam: Unsolicited mass e-mail messages that can provide opportunities for cybercriminals to introduce malicious URLs or files into a network. E-mail messages might also contain links that connect to phishing web sites or web sites that contain malware.
- Phishing: Targeted e-mail messages that leverage social engineering — often in the form of a legitimate user, friend, co-worker, or business — to encourage recipients to click links, open attachments, execute files, and submit personal information through online forms, all of which appear to be trustworthy but are actually malicious.
All too often, organizations perform risk mitigation in order of perceived impact of vulnerabilities, which is a flawed approach. Technical Framework employs industry-leading tools and seasoned cyber experts to derive conclusions regarding an organization’s security posture and to make short- and long-term recommendations that follow the order of risk and volatility.