Our client, a large international law firm, needed an in-depth security vulnerability assessment for one of their clients. The scope of the assessment was to examine and assess the risk of a cyber-attack to a mission-critical system. They turned to PamTen, their trusted IT advisor, to perform this assessment and provide recommendations for improving security.
The vulnerability assessment consisted of several parallel workstreams:
The PamTen team also examined existing security policies and procedures, server log files, backups and restore processes, data protection (at Rest, in Use, in Motion), and change management procedures.
The PamTen team found issues of varying severity in many areas: policy gaps, missing controls, and vulnerable software versions were discovered. PamTen assessed and categorized each issue. The client was immediately notified of all critical issues and was provided with a recommendation to remediate or minimize the risk of vulnerability.
PamTen compiled the results of the assessment into a detailed report. The report was structured to cater to the needs of both senior business and technical leadership. The report described the testing performed, the tools used, the expected results, the actual results, vulnerabilities, and their severity level, and recommendations for tightening security to remediate vulnerabilities and reduce overall risk.
The assessment provided our client with a comprehensive security evaluation of the infrastructure and the application, enabling them to present a road map of recommended security improvements to their client. The client was pleased with the thoroughness of the evaluation and awarded PamTen an additional contract to implement several of the security recommendations, which will provide better defense again intrusion and a stronger cybersecurity structure.