Overview

Vulnerability Assessments are a critical part of organizational risk assessment. In addition to being good business practice, regular assessments are mandated by regulations such as HIPAA and Sarbanes-Oxley. Proactive security starts with gaining a complete picture of an organization's security posture.

Webfargo's Vulnerability Assessment findings are detailed in a report delivered upon completion of our review. Our professional reports are custom written, not generated by a software program, and present details about any vulnerabilities discovered and actionable information to address them. We provide both technical details and 'plain English' so that the report is as useful in the server room as it is in the boardroom.

Service Details

Webfargo provides a number of different assessment options depending on the client's needs. Since our reports are customized to each project, we can be extremely flexible as to our methodology and the scope of each assessment. Typically these projects consist of one or more of the following:

• System Assessment
  In-depth review of a single system. This is often performed for critical servers or e-commerce websites, located either within the client's network or at a hosting provider.
  
  
• External Network Assessment
  An assessment of a network's security posture from the outside world. This is often performed against corporate LANs, WANs, or critical network segments.
  
  
• Internal Network Assessment
  An assessment of a network's security posture from inside the network. The scope can vary in this case, but often a client will provide us with a user-level network login and a network port to determine what security zones we can enter.
  
  
• Security Architecture Assessment
  Working with your IT staff, we will review the type and placement of network hardware and software against your specified security goals.
  
  
• Security Practices Assessment
  Working with your IT staff, we will review your security practices (password policies, access-levels policies, software update policies) to determine if they meet industry standards.
  
  

In each option above, detailed recommendations are provided to mitigate any security risks uncovered or to increase organizational security where it can be improved. Additionally, Webfargo engineers are available to present the report to the client's IT and/or Executive staff as needed.

Please contact Webfargo for a detailed overview of our testing methodology and sample reports.

Also see:
Security Deployment and Support
Security Policy Development
Incident Response Plan Development