Vulnerability Assessment

A Starting Point

A cyber security Vulnerability Assessment is a process for assessing an organization's security posture through an evaluation of the organization's IT network infrastructure, systems, processes, policies, and personnel. By its nature, this is a natural starting point for any organization that has primarily worked with only compliance-focused cyber vulnerability scanning services or has not previously brought in outside cyber security help. It also represents the lowest barrier to entry with minimal cost, minimal risk, and maximum value.

Clarity Consulting's Vulnerability Assessment service looks at the three major pillars of information security: cyber security, physical security, and human factors security. Data from these three broad areas is collected, then cross-analyzed to formulate an accurate list of vulnerabilities that pose the greatest risk to the organization. From there, the list is sorted from the highest-impact/lowest-cost-to-fix items down to more complex items that will need to be remediated over the long term.

Cyber Security Assessment

Our Cyber Security assessment service is exhaustively thorough and includes all electronic infrastructure systems and their supporting systems. In a typical organization, this will involve clients (workstations and mobile devices), servers, infrastructure (switches, routers, firewalls, wireless, VoIP), and auxiliary devices (printers, scanners). Each of these categories brings its own set of risks and requirements, as well as its own set of possibilities for attacks and defenses. These systems also have an extensive set of supporting subsystems, such as data backup and disaster recovery, design redundancy and service level requirements, and more.

As an option, we also offer an affordable Targeted Cyber Security Vulnerability Assessment. This is possible because a comprehensive assessment is not always necessary, and incremental assessments with specific focus areas of changing technology can be a valid choice. Here is a list of possible focus areas:

• Mobile Security (phones, tablets, laptops)
• Endpoint Security (desktop/laptop hardening and configuration)
• Wireless Security
• Authentication System Security
• Remote Access Security and Structure
• Active Directory Structure
• Encryption (SSL and CA security/structure)
• Device Lifecycle Assessment

AWIA Risk & Resiliency Assessments

In October 2018, the America's Water Infrastructure Act (AWIA) was signed into law. For community drinking water systems with a customer size of between 3,301 and 49,999, AWIA requires the completion of a Risk and Resilience Assessment and a corresponding Emergency Response Plan (ERP). Completion of these tasks must be certified to the Environmental Protection Agency (EPA) by June 30, 2021.

Clarity Consulting performs these tasks for public drinking water systems while providing the added value that only experience and independence from facility operations can provide.

Physical Security Assessment

All organizations, along with their electronic information, exist in the physical world. So it's no coincidence that this is often also the lowest common denominator for real-world business risk. Buildings can be intruded into, and computers and documents can be stolen by outside attackers and, for that matter, by contrary-minded insider threat employees, too.

Ensuring the correct levels of physical security, access control over, and visibility into the physical dimension of your organization’s information is therefore a critical part of its overall security. Clarity Consulting’s team of experts is well-versed in the complexities of physically securing your organization’s electronic information assets and sensitive data, both in the confines of an office building and in the most hostile of domestic or international travel locations.


To illustrate our expertise in this area, we invite you to watch the first 32 minutes of the following video:

For the first time ever, Clarity Consulting's CTO Paul Williams publicly reveals never-before-disclosed secrets in this video from his 19 years of consulting work in the secretive world of “Red Teaming,” an especially hard-core type of physical security assessment. “Adversary Emulation” is a type of ethical hacking engagement where a "Red Team" emulates highly skilled adversaries to assess the physical, personnel and electronic security of a target organization. The goal of such engagements is to improve people, process, and technology.

https://www.youtube.com/watch?v=11ghqUvDbJo 


Human Factors Assessment

Organizations are nothing without the people who make them work. These same people also act as the first and last line of defense against data loss. Unfortunately, all too frequently these same personnel can work unknowingly or even actively against the security of an organization, becoming what's known as an “insider threat”. Clarity Consulting’s human personnel assessment techniques are unparalleled in depth and breadth in the industry and can optionally go as far as detecting existing insider threats within your organization before they cause issues.

Further, Clarity Consulting can help design your IT systems so that insider threats have a very low probability of succeeding even if launched and, even if they do succeed, will have only short-lived, minimal impact.