Vulnerability Assessments

Mitigating Risk

Vulnerability assessments is the process of identifying the security holes in a computer, network, or application, with the goal of remediating unacceptable risk exposure. The vulnerability assessment process, which is a critical part of organizational risk management, includes:

• Cataloging organizational information systems and their component assets
• Determining the relative effect on the organization of a loss of confidentiality, integrity, or availability of those assets
• Identifying the vulnerabilities or potential threats to each resource
• Determining a cost-effective risk mitigation path

Advanced Toolsets

Aerstone’s vulnerability assessments are fueled by a sophisticated understanding of information security. We understand that complicated systems frequently face complex threats. To ensure a full view into system risk, we leverage a combination of advanced open source, commercial, and custom developed software. For some customers we employ non-technical vulnerability assessment techniques, including social engineering tactics like spear phishing, media dropping, and pretext calling — as delineated in the rules of engagement for each assessment.

Expert Guidance

The Aerstone Test Team is composed of a mix of expertise and experience in IT security, all dedicated to security assessment projects and engagements. Team members maintain industry certifications in security including CISSP, C|EH, GPEN, and GCFE, and undergo annual training to stay current with the latest tools and techniques employed by security professionals. We will work with your organization’s security leadership to craft and execute a vulnerability assessment approach that will ensure that you maintain an appropriate security posture across your environment.

Security Badging

Aerstone’s security badging program allows you to display visible proof that your website or application has undergone a comprehensive third-party security assessment. Security badging helps to demonstrate an organization’s responsible approach to security and privacy, and shows a level of due diligence in keeping with industry standards.