Reporting & Risk Management - Priosec

By: Priosec  09-12-2011

At Priosec we understand that a great consulting team has to offer the willingness and time to understand what is important to you: your business, your future thoughts with respect to technology, and your direction as a company. These factors, along with technical proficiency, help us focus on the areas of importance. They also allow us to interpret and prioritize our findings in terms of business risk. Understanding how your technical teams work with respect to corporate policies and guidelines further assists us in delivering a report that contains issues and risk ratings that relate directly to your business practices and objectives.

Providing risk classifications of identified issues related to business goals, drivers and differentiators is our number one priority when delivering your final report.

Risk classifications assess vulnerabilities as high, medium, or low risk based on technical and business severity qualifiers and related probability indicators, as explained below:

  • Business severity measurements relate to the nature of an organization's core business drivers. For example, if an organization's Website were responsible for 100% of revenue, a vulnerability on this server would receive a much higher rating than if it functioned merely as a marketing tool.
  • Technical severity pertains to the destruction an attacker might cause in exploiting identified vulnerabilities.
  • Business probability takes into account industry type. For example, certain types of focused attacks are more likely to be launched against government agencies than against a marketing firm. An organization's prominence within its particular industry can also affect business probability. A world leader in credit card distribution, for instance, is more likely to be targeted than a similarly oriented startup company.
  • Technical probability is based on the complexity involved in both addressing vulnerability issues and the likelihood that they would be exploited.

By analyzing vulnerabilities in this manner, we effectively assist clients in prioritizing corrective measures. Since no two clients share identical technical and business variables, superficially similar vulnerabilities are seldom assessed in the same manner. Resolution strategies are always specific to the client's organizational concerns.

Other products and services from Priosec


Penetration & Vulnerability Assessments - Priosec

Vulnerability analysis involves conducting a high-level vulnerability scan of target environments and identifying security holes in operating systems, network appliances, and firewalls. Given the realities of conducting business in the digital age, finding security flaws before someone else does can save significant time and money.


Services - Priosec - Ethical Hacking, Vulnerability Assessments, Penetration Testing and Web Application Security

The required technical expertise to do so is not lacking at most security firms; however, technical proficiency is only a fraction of what an effective consulting team has to offer. Equally important is the ability to assess the greater business environment in which an organization operates and factor in all related variables in the assessment process.


Application Security Assessments - Priosec

The objective of an application security test is to assess the security of the web-based application, which may be used to share information and/or provide services to its business partners, clients, and employees, in order to suggest solutions for improving existing security practices.