Back to Service Library
Service Catalog / Penetration Testing & Attack Surface Management / Vulnerability Assessments / Vulnerability Assessment
141BNDL Parent

Vulnerability Assessment

On this page

    Service Overview

    DeepSeas' Vulnerability Assessment services provide a rigorous examination of an organization's digital landscape to pinpoint vulnerabilities, ensuring the highest levels of protection against potential cyber threats.

    Objectives

    1. Identify Vulnerabilities - The primary objective of a vulnerability assessment is to systematically identify and catalog vulnerabilities present in an organization's networks, software systems, and hardware. This involves scanning these systems to detect security weaknesses that could be exploited by attackers, thereby providing a comprehensive overview of potential risks.
    2. Prioritize Remediation Efforts - Once vulnerabilities are identified, they are ranked based on their severity, exploitability, and impact on the organization. This prioritization helps organizations allocate resources efficiently and address the most critical vulnerabilities first to minimize potential threats to their security posture.
    3. Enhance Security Measures - Vulnerability assessments aim to enhance the overall security measures of an organization by providing detailed insights into the security weaknesses of their IT infrastructure. These assessments enable organizations to make informed decisions about where to strengthen their defenses, thus improving their resistance to cyber attacks and reducing the likelihood of successful breaches.

    Deliverables

    1. RULES OF ENGAGEMENT (ROE) - A procedural document establishing guidelines for all testing activities and detailing the scope of the engagement. It will include the scope of activities that can be performed, outline each party's responsibilities and the process, the client's goal for the engagement, the outputs to be produced, and any potential testing constraints.
    2. DETAILED FINDINGS REPORT - Provides details on discovered vulnerabilities, including a description, potential impact, technical and programmatic recommendations, host identified, and common vulnerability reference(s).
    3. EXECUTIVE PRESENTATION - Client If requested, a final executive-level overview of the testing activities performed will be given, and the results will be given to key stakeholders. A summary of findings will be presented, and significant, high-risk issues will be highlighted for additional discussion. 

    The Client shall have five (5) business days from receiving a Deliverable provided by DeepSeas to review, evaluate, and provide feedback or acceptance. The Deliverable shall be deemed accepted if DeepSeas receives no written approval or rejection. 

    Service Assumptions

    1. Services will be delivered remotely unless otherwise defined.
    2. All work to be scheduled during DeepSeas normal business hours unless otherwise defined.
    3. Delivery delays caused by circumstances beyond the control of DeepSeas are not covered under this proposal and are subject to a Change Order.
    4. DeepSeas' standard lead time for testing is 60 calendar days. This allows us to ensure appropriate resource allocation, planning, and quality delivery across all client engagements. Requests for an earlier testing start date may be accommodated on a case-by-case basis, pending team availability. If approved, such requests will require the purchase of our Accelerated Delivery option, which includes a prioritized testing schedule and expedited internal processing.

    Client Responsibilities

    • Provide signed approval on the agreed to Rule of Engagement document.
    • Work with DeepSeas consultants to schedule the execution of the activities associated with the contracted services in a way that does not impact the client's essential services of its daily operations.
    • Attend meetings and working sessions scheduled by DeepSeas, which include, but are not limited to:
      • Kick-off 
      • Request for requirements
      • Clarification of doubts and understanding of requirements
      • Project monitoring 
      • Project deviations
      • Partial project deliveries
      • Final project deliveries
    • Assess and accept the risk factors that harm the correct execution of the contracted services identified by DeepSeas.
    • Internal coordination of meetings with internal stakeholders (of the client) that must be involved or notified of the testing activities.
    • Delivery of requirements requested by DeepSeas for the correct execution of the activities of the services contracted and defined.
    • Assist or delegate to third parties the attendance at the work sessions coordinated by DeepSeas for the execution, investigation, assessments, and delivery of activities associated with the contracted services.
    • Acceptance of draft or final reports by DeepSeas.

    Deepseas Responsibilities

    • Work with the client to define the schedules and approve the execution period and days for the execution of tasks.
    • Definition of the team assigned to execute the tasks indicated in the RACI model.
    • Identify risk factors that may jeopardize the correct execution of the project's processes, tasks, activities, and final deliverables.
    • Monitoring of general activities, specific activities based on the service contracted by the client, deviations from activities, and follow-up plans.
    • Requests for general and additional requirements for the execution of the tasks and activities of each contracted service.
    • Coordination of specific work sessions for the activities contracted by the client.
    • Delivery of the draft and final reports for the services contracted by the client.