What is a Cyber Security Vulnerability Assessment?

Here we refer to vulnerability assessment (VA) in the cyber security context. In the past it was known as IT security vulnerability assessment, or vulnerability assessment for short. Modern businesses make extensive use of digital technology, from traditional endpoint computers, laptops, mobile devices and tablets, to on-premise and cloud servers, web applications, third-party technology services and data exchange, through to online payment exchange with customers and suppliers. Modern technologies such as IoT, cloud and containers add to the areas that need to be covered, across both the wireless and wired network infrastructure the business has, in every region where it does business. All the technology in use, together with customer and supplier transaction data and process data, is an “asset” that must be protected: accessed by the right user at the right time for the right purpose only, and kept away from everyone else, whether the data is in transit or at rest.
A company with IT infrastructure in place is connected both internally and to the outside cyber world. How can a company know its cyber exposure, in terms of the business risk that a vulnerable network or enterprise application allows hackers and intruders to carry out a data breach against its assets, which would damage the business's reputation across the world?
Publicly listed corporations and established government agencies need to assess their assets against cyber exposure for regulatory compliance. This is where cyber security vulnerability assessment comes into the picture: it audits and checks the assets and produces full visibility and understanding of the cyber exposure risk discovered, so the enterprise can manage its cyber exposure. From the vulnerability assessment report, the enterprise can decide where to prioritise resources and what needs to be done first to bring down the company's cyber exposure (usually the critical-impact areas first), whether by patching applications, upgrading software, hardening operating systems, adding network security devices, changing policy in firewalls and defense software, fixing vulnerable source code, enforcing that company endpoints install and use only workplace-approved applications, or acting on other areas the cyber exposure report highlights. The report comes with recommendations on which risk mitigation action to take next.
As the examples above show, vulnerability assessment is important from the business perspective. Executed correctly, it benefits the modern business enterprise by lowering and mitigating the cyber exposure risk from its assets, with a positive business impact. It helps achieve regulatory compliance in a more systematic, professional, efficient and manageable way. Technology itself does not bring regulatory compliance; the people and processes within the enterprise do. Technology only accelerates and facilitates achieving regulatory compliance for the business.
In summary, “vulnerability” here refers to any type of weakness in any traditional or modern cyber device or service, from a computer system, network device or enterprise application to cloud-based infrastructure, that leaves information security exposed to a threat. This is why managing enterprise cyber exposure always involves asset, risk (cyber exposure), threat and vulnerability management.
E-SPIN has been active in the cyber exposure business since 2005, helping enterprise and government customers with various projects and solutions in this domain. Please feel free to contact E-SPIN about your cyber exposure needs (risk, asset, vulnerability and threat management) so we can help you with the exact requirements for the packaged solutions you may require for your operation or project.