Risk Assessment Matrix
|Vulnerability Scan1||Basic Penetration Test2||Standard Penetration Test3||Advanced Penetration Test4|
|Passive Information Gathering
|Active Information Gathering
|Automated Penetration Testing
|Basic Exploitation of Vulnerabilities
|Manual Penetration Testing
|Advanced Exploitation of Vulnerabilities
|Passive Information Gathering|
|Active Information Gathering|
|Automated Penetration Testing|
|Basic Exploitation of Vulnerabilities|
|Manual Penetration Testing|
|Authenticated Penetration Testing|
|Advanced Exploitation of Vulnerabilities|
1 Vulnerability Scan: Automated process of identifying, quantifying, and prioritizing known vulnerabilities in a system.
2 Basic Penetration Test: Basic attempts to exploit vulnerabilities using only automated methods.
3 Standard Penetration Test: Basic attempts to exploit vulnerabilities using automated and manual methods.
4 Advanced Penetration Test: Advanced (additional time and effort) attempts to exploit vulnerabilities using automated and manual methods.
Additional Assessment Offerings:
Architecture Review: Threat Identification, Network Design Review, Dataflow Analysis, Controls Assessment
Social Engineering: e-Mail Phishing, Phone Phishing, USB thumb-drive Drops, Tailgating/Piggybacking
Physical: Entryway Testing, Service Protection, Data Handling, Tailgating/Piggybacking