AVULlCT, ICT Vulnerabilities analysis and management
ICT vulnerabilities represent the main causes of malfunctions and digital attacks, intentional or otherwise, to an Information System.
Vulnerabilities for an IS are broken down in three main categories: technical vulnerabilities, staff vulnerabilities (end users and IS priviliged), organization vulnerabilities.
AVULICT service concerns only software's technical vulnerabilities installed on Client computer system. Staff and organization vulnerabilities are examined in ICT Risk Analysis (ICTRA).
AVULICT offers two service levels:
- software's vulnerabilities analysis automatically through specific software instruments, according to nature and complexity of IS Client, in addition to his available budget, for these analysis can be used both opensource tools, such as OpenVas, and paid trade instruments, such as Nessus, The result of this analysis, delivered and illustrated/explained to Client, is a Report which points out the discovered vulnerabilities in order to seriousness, and how to delete it or reduce its severity.
- penetration test (pentest): After making the analysis mentioned above, Malabo's specialistis make non-destructive attack attempts to Client's IS especially to his most significant infrastructures and application more critical to company's businnes. The result of this analysis, delivered and illustrated/explained to Client, is a Report which points out the data breaches and critical aspects encountered in order of severity, and how to delete it or reduce its severity.
The result of technical vulnerabilities' analysis is a Report which, in order of severity, details the technical vulnerabilities detected, their potential causes, the interventions to be implemented in order to eliminate and riduce them, if there were not yet specific patch/fix for that software. This Report is illustrated and explained to the Client's Top Management during a meeting.