Risk & Vulnerability Assessments

Identify, inventory, and assess potential security centric issues in technology infrastructure. 


A vulnerability assessment is an important aspect of an organization’s security program. This type of assessment activity helps to collect and inventory systems and applications across the IT landscape. Performing vulnerability assessments helps organizations gauge the efficacy of their vulnerability and risk management programs.

Rotas’ vulnerability assessment methodology aligns with, and combines many industry best practice frameworks, to include the Open Source Security Testing Methodology Manual (OSSTMM), as well as NIST CSF. These assessments are typically performed at the network level, using automated and manual methods to first identify network systems. Then, the various ports, protocols and services running on those systems are enumerated. Lastly, vulnerabilities are identified and mapped to systems to give a snapshot in time of an organization’s technical security posture. Steps are taken to validate findings and attempt to remove false positives.

A report containing the details of the assessment is created from the testing artifacts, and observations taken during the assessment.