Security Risk Assessment Services

Two main types of security risk assessment services are provided to user departments:

• System vulnerability assessment service
  System vulnerability assessment service identifies potential vulnerabilities on their information systems and examine the security posture of the systems.
• Web application vulnerability assessment service
  Web application vulnerability assessment service identifies the possible vulnerabilities in the web applications before they are placed in production.

In general, individual vulnerability assessment could be completed within 5 business days, depending on the complexity of system / web application and the availability of the assessment resources.

Preparation prior to the assessment

Involvement of department / office is required for the success of the service. The following are some of their responsibilities:

1. Department / office should clearly identify the scope for the vulnerability assessment and provide written authorization to our Cyber Security Team for that assessment
2. A representative from department / office should be appointed as single point of contact during the service period
3. Department / office should provide the necessary documentation to review
4. Department / office should arrange internally for a time slot for the vulnerability assessment
5. The remediation of the vulnerabilities identified from the assessment is not included in the service. Department / office should be responsible for the fixing
6. Department / office should ensure a full and restorable backup (including both system and data) is available before the assessment