Vulnerability Assessment

Information Security

We provide the foundation for creating a proactive information security program

Vizocom has the tool set for a comprehensive vulnerability assessment. We work with our clients to prepare tailored assessment questionnaires and interview schedules. After conducting a series of interviews and rolling up the results for client review, we generate a draft report, take comments, and provide a final report.

Our assessments always include a gap analysis against known good practices and preliminary improvement road map. After an assessment, we follow-up to help plan and guide our clients’ security road map

Full Security Program Assessments

Vizocom conducts full security program assessments of our clients’ security programs to determine the client’s level of maturity, their specific gaps, and their general risk and compliance posture. We deliver a current state assessment and gap analysis identifying these findings on a program-wide and domain-by-domain level.

We prioritize and cluster the gaps by domains, and provide a preliminary road map with recommendations for closing the gaps to support developing a business case for an appropriate improvement program for each client.

Rapid Security Domain Assessments

Our rapid security assessments involve analysis, questions, and follow up interviews on any given domain. Our rapid security domain assessment will capture the critical points of analysis for the domains covered. This process will also involve client-driven tasks such as self-assessments with consultant coaching, and onsite interviews.

Vizocom performs rapid assessments for combinations of security domains from a set of more than more 20 domains within the security program. After information collection, we deliver a rapid assessment and gap analysis with a preliminary roadmap for the subset of the security program covered, and the engagements are scoped to our client’s projects and responsibilities.

Deep Security Domain Assessments

Vizocom’s deep domain assessments involve a deeper level of analysis with more questions and more follow up interviews on any given domain than the rapid assessment. A deep assessment will also involve more security architects partners-driven tasks such as consultants performing interviews, with fewer client-driven tasks.

We can perform deep assessments of multiple security domains covered in our areas of expertise, and of any other domains subject to resource availability. Deep assessments include additional questions to probe into our assessment criteria up to a point appropriate to the client’s level of maturity in the domain, and to discover related risk indicators. This enables us to provide a more detailed gap analysis and preliminary road map.

Custom or Special Assessments

Vizocom can perform custom or specialized assessments and evaluations which include:

  • Risk Assessment
  • Compliance Assessment
  • Threat Assessment
  • Security Vendor Assessment
  • Cloud Service Provider Assessment
  • Project Assessment