Scope of supply: The activities below are conducted and documented:
•Based on either NIST, NERC CIP, IEC 62443 -3-3 & -2-2, ISO 27001, other
•Identification of Electronic Security Parameter (ESP) / Secure Zones & Conduits
•Identification of all ports and services
•Identification of security weaknesses in the target systems
•Entire network and port scans including internal routers, firewalls and switches
•Review of the remote access paths and configuration.
•Ranking of each detected vulnerability to Critical, High, Medium, and Low impact category.
•Assessments of access management, account configurations
•Identification of vulnerabilities or potential threats
•Detailed Cyber Vulnerability Assessment (CVA) documentation of results and assessed systems
•Development and presentation of the recommended frequency and strategy for future vulnerability assessments and/or penetration testing services