Assessment

Vulnerability Assessment

Vulnerability assessments help organizations understand security weaknesses, adequacy of security controls, and/or security deficiencies within their span of control. Our team offers vulnerability assessments with the following options that are tailored the client environment:

  • Vulnerability scanning (network, hardware, software)
  • Vulnerability identification, classification, prioritization
  • Vulnerability remediation/mitigation (alternative measures)
  • Physical and environmental control assessment
  • Plan of Action and Milestones (POA&M) development (action plans)      

Compliance Assessment

Compliance assessments assist organizations in validating their current cybersecurity posture against regulatory requirements, compliance frameworks, standards, and/or policies. Our team has a history of performing vulnerability assessments for small, medium, and large organizations and are well versed in providing compliance assessments based on the following regulatory requirements and standards.

  • Federal Transportation Regulatory Requirements (Surface, Aviation, Pipeline)
  • National Institute of Standards and Technology (NIST) 800-53 Risk Management Framework
  • NIST Cybersecurity Framework (CSF)
  • Guided CISA Cyber Security Evaluation Tool (CSET)
  • ISO 27001 (Information Security Management)

Cybersecurity Consulting

ENSCO Inc’s diverse cybersecurity background and experience across the Department of Defense (DOD), Federal Agency’s, and Commercial markets establishes our team as a credible solution for any organizations cyber consulting needs. Our subject matter experts are uniquely qualified to provide consulting support across a wide variety of topics, including:

  • Federal Transportation Regulatory Requirements (Surface, Aviation, Pipeline)
  • Cybersecurity strategy
  • System Security Plan (SSP)
  • Policy and guidance
  • Secure architecture
  • Risk management
  • Incident Response
  • Business Continuity Planning
  • Workshops, exercises, and stakeholder engagements

Threat and Vulnerability Assessment (TVA)

Threat and Vulnerability Assessment provide for performance-based assessment methodology to demonstrate that a mission owning organization can be compliant but not survivable. By looking differently at the assessment process, a performance-based assessment can go a long way in augmenting a compliance-based assessment. Our assessments help organizations in identifying those Critical Nodes (CN) associated with the industry, understanding the interdependencies between critical systems, and how they support or impact mission/capability survivability. TVA assessments can include a variety of the following and more:

  • Backup or alternate capability e.g., backup generator, servers
  • Physical Security Systems and Electronic Security Systems and structural vulnerabilities
  • External presence (social media presence, signage, route publications etc.) and open-source data collection and analysis
  • WMD Threats and consideration
  • Fire protection systems appropriate for the asset being protected (automatic, manual, wet pipe, dry pipe, chemical)
  • Electrical grounding, lightning protection
  • Utility Systems and SCADA Systems