Risk Assessment Matrix

| | Vulnerability Scan¹ | Basic Penetration Test² | Standard Penetration Test³ | Advanced Penetration Test⁴ |
|---|---|---|---|---|
| **NETWORK:** | | | | |
| Passive Information Gathering | | | | |
| Active Information Gathering | | | | |
| Enumeration | | | | |
| Automated Scanning | | | | |
| Automated Penetration Testing | | | | |
| Basic Exploitation of Vulnerabilities | | | | |
| Manual Penetration Testing | | | | |
| Advanced Exploitation of Vulnerabilities | | | | |
| Password Attacks | | | | |
| Post-Exploitation Activities | | | | |
| Reporting | | | | |
| Presentation | | | | |
| **APPLICATION:** | | | | |
| Passive Information Gathering | | | | |
| Active Information Gathering | | | | |
| Enumeration | | | | |
| Automated Scanning | | | | |
| Automated Penetration Testing | | | | |
| Basic Exploitation of Vulnerabilities | | | | |
| Manual Penetration Testing | | | | |
| Authenticated Penetration Testing | | | | |
| Advanced Exploitation of Vulnerabilities | | | | |
| Password Attacks | | | | |
| Post-Exploitation Activities | | | | |
| Reporting | | | | |
| Presentation | | | | |


¹ Vulnerability Scan: Automated process of identifying, quantifying, and prioritizing known vulnerabilities in a system.

² Basic Penetration Test: Basic attempts to exploit vulnerabilities using only automated methods.

³ Standard Penetration Test: Basic attempts to exploit vulnerabilities using automated and manual methods.

⁴ Advanced Penetration Test: Advanced (additional time and effort) attempts to exploit vulnerabilities using automated and manual methods.

Additional Assessment Offerings:
Architecture Review: Threat Identification, Network Design Review, Dataflow Analysis, Controls Assessment
Social Engineering: Email Phishing, Phone Phishing, USB Thumb-Drive Drops, Tailgating/Piggybacking
Physical: Entryway Testing, Service Protection, Data Handling, Tailgating/Piggybacking