IT Vulnerability Overview

Protecting corporate information and technology assets from malicious threat agents, internal and external, is a significant challenge for most enterprises. Awareness is crucial to ensuring staff can identify the signs of malicious attacks on your business.

Maintaining the confidentiality, integrity and availability of valuable information is a complex challenge facing all businesses today. It is critical to view security holistically across the technology stack, as vulnerabilities at each layer of the information environment expose an enterprise to differing threats. Investment in security, and an assessment of the existing posture, must be made based on a complete external and internal overview.

The ITVO service examines four elements of the information technology (IT) landscape that commonly represent an enterprise attack surface. Vulnerabilities discovered in each of the following domains contribute to the majority of modern breaches. CT Group will conduct a modular review of your business systems and, after analysing the data, will produce valuable reporting.

Internal network-based vulnerabilities can allow an attacker to exploit, escalate and pivot within an internal network, compromising information confidentiality and threatening integrity and availability. This module will produce:
  1. Internal Risk Summary Report. An executive-level overview highlighting critical internal information security risks.
  2. Full Network Vulnerability Assessment Report. A detailed report communicating all findings from an internal network vulnerability assessment. The Internal Risk Summary Report is the high-level analysis of these findings.
  3. Asset Detail Report. A report identifying the network-visible assets discovered during the network vulnerability assessment.

By adhering to defensive administrative best practice, the likelihood of compromise from unidentified vulnerabilities and complex threat attacks (multi-vulnerability chain) is significantly reduced. This module will produce:
  1. Security Risk Report. An executive-level overview highlighting the current adherence to or deviation from known defensive administration best practice.
  2. Security Policy Assessment. A detailed review of the security policies that are in place on both a domain-wide & local-machine basis.
  3. Shared Permissions Report. A comprehensive list of all network “shares” by machine, detailing which users & groups have access to which devices & files, & what level of access is permitted.
  4. User Permissions Report. A list of permissions by user, showing all shared computers & files to which individual employees have access.

External network-based vulnerabilities can allow an attacker to remotely exploit, escalate and pivot into an internal network or public-facing infrastructure, compromising information confidentiality in depth and threatening integrity and availability. This module will produce:
  1. External Risk Summary Report. An executive-level overview highlighting critical external information security risks.
  2. Visible External Service Vulnerability Report. A detailed report communicating all findings from an external network vulnerability assessment. The External Risk Summary Report is the high-level analysis of these findings.

Knowing your IT security posture is a critical step in understanding your information security risk. Take the important ‘reasonable step’ required to protect confidential and business-critical information.

Even with the best security software and infrastructure deployment methods, you still need to ensure that the same conscious effort has been applied to physical access. We therefore also assess:
  1. Report of access & conditions. An executive-level overview highlighting location, security & other hazards relating to the server room location & the conditions of the room.
  2. Images included. With permission, we will include photographic evidence of the location and highlight the concerns or risks.