Risk Assessment Matrix
| Vulnerability Scan1 | Basic Penetration Test2 | Standard Penetration Test3 | Advanced Penetration Test4 | |
|---|---|---|---|---|
| NETWORK: | ||||
| Passive Information Gathering |
||||
| Active Information Gathering |
||||
| Enumeration |
||||
| Automated Scanning |
||||
| Automated Penetration Testing |
||||
| Basic Exploitation of Vulnerabilities |
||||
| Manual Penetration Testing |
||||
| Advanced Exploitation of Vulnerabilities |
||||
| Password Attacks |
||||
| Post-Exploitation Activities |
||||
| Reporting |
||||
| Presentation |
||||
| APPLICATION: |
||||
| Passive Information Gathering | ||||
| Active Information Gathering | ||||
| Enumeration | ||||
| Automated Scanning | ||||
| Automated Penetration Testing | ||||
| Basic Exploitation of Vulnerabilities | ||||
| Manual Penetration Testing | ||||
| Authenticated Penetration Testing | ||||
| Advanced Exploitation of Vulnerabilities | ||||
| Password Attacks | ||||
| Post-Exploitation Activities | ||||
| Reporting | ||||
| Presentation |
1 Vulnerability Scan: Automated process of identifying, quantifying, and prioritizing known vulnerabilities in a system.
2 Basic Penetration Test: Basic attempts to exploit vulnerabilities using only automated methods.
3 Standard Penetration Test: Basic attempts to exploit vulnerabilities using automated and manual methods.
4 Advanced Penetration Test: Advanced (additional time and effort) attempts to exploit vulnerabilities using automated and manual methods.
Additional Assessment Offerings:
Architecture Review: Threat Identification, Network Design Review, Dataflow Analysis, Controls Assessment
Social Engineering: e-Mail Phishing, Phone Phishing, USB thumb-drive Drops, Tailgating/Piggybacking
Physical: Entryway Testing, Service Protection, Data Handling, Tailgating/Piggybacking