This phase includes planning activities and the actual security scanning. Planning includes gathering of relevant information, such as public/external IP addresses and domains used by the organization. Moving forward, security vulnerability scanning takes place, so CYGNUS experts can identify and classify security vulnerabilities in the perimeter.
This service aims to produce an inexpensive report of the overall cybersecurity posture of an organization based on detailed assessment of vulnerabilities in the most critical attack surface (external perimeter) correlated with high-level data from other cybersecurity aspects and engagements (training, PT, manuals, procedures), their frequency or their absence.
Steps
External Vulnerability Assessment
Overall Cybersecurity Posture Assessment
In this phase, security scanning results are correlated with other facts like recent internal assessments results and remediation actions, whether adequate training for cyber awareness culture has been provided, cybersecurity manuals, policies, procedures and compliance aspects.
Reporting & Recommendations
This is the last phase of the process and basically consists of producing a comprehensive report on each and every aspect of cybersecurity including technology, procedures and people. Recommended actions are provided in a list, prioritized according to risk / impact.
In Scope
- Public IP Addresses and domains assessment.
- Assess risk from known data breaches.
- Network Architecture & Segregation overall assessment
- Procedures and Policies high level evaluation
- Email Security Assessment
- Awareness Training enrollment evaluation
- High-level recommendations on detected risks
Out of scope
- Actual exploitation of systems (Penetration Test)
- Compliance Assessment
- Internal Network Hosts Vulnerability Assessment
- Delivering Training
- Technical Support on Hardening