Vulnerability Assessment

A Starting Point

Vulnerability Assessment is a process of assessing an organization's security posture based on a very broad sampling of the organization's systems, processes, and personnel. By its very nature, it's a natural starting point for any organization that has not previously brought in outside security help, or has only worked with compliance-focused scanning services. It also represents the lowest barrier to entry with minimal cost, minimal risk, and maximum value.

White Badger Group's Vulnerability Assessment services look at the three major pillars of information security: electronic security, physical security, and human security. Data from these three broad areas is collected, then analyzed together to formulate an accurate list of vulnerabilities that pose the greatest risk to the organization. From there, the list is sorted with the highest-impact/lowest-cost-to-fix items down to more strategic items that will need to be implemented over the long term.

Electronic

Electronic, or Cyber Security, includes all electronic systems, and their supporting systems. In a typical organization, this will involve clients (workstations and mobile devices), servers, infrastructure (switches, routers, firewalls, wireless, VoIP), and auxillary devices (printers, scanners). Each of these categories brings its own set of risks and requirements, as well as its own set of possibilities for attacks and defenses. These systems also have an extensive set of supporting subsystems, such as data backup and disaster recovery, design redundancy and service level requirements, and more.

Physical

All organizations and information exists in the physical world. It's no coincidence that this is also often the lowest common denominator for security. Computers can be stolen, buildings can be intruded. Having the correct levels of control over and visibility in to the physical nature of your information is critical to its security. White Badger Group's team of experts is also well-versed in the complexities of securing your organization, both in the confines of an office building, and out the most hostile public areas.

Human

Organizations are nothing without the people who make it work. These same people also act as the first and last line of defense against data loss. Frequently, personnel can be work actively against the security of an organization, which is what's known as an insider threat. White Badger Group's personnel assessment techniques are unparalleled in the industry and can go as far as detecting insider threats before they cause issues. Further, White Badger can help design systems wherein insider threats have a very low probability of occuring, and will have minimal impact if they do.

Targeted

A broad assessment is not always necessary. The most recent developments in technology and regulatory compliance needs make incremental assessments with specific focus areas an optimal choice. White Badger Group has performed many targeted assessments, covering a wide variety of areas. Below is a sample of possible focus areas:

  • Mobile Security (phones, tablets, laptops)
  • Endpoint Security (desktop/laptop hardening and configuration)
  • Wireless Security
  • Authentication System Security
  • Remote Access Security and Structure
  • Active Directory Structure
  • Encryption (SSL and CA security/structure)
  • Device Lifecycle Assessment