emergency responseEmergency Response

Home | Pen Tests & Cybersecurity Audit

Pen Tests & Cybersecurity Audit

yellow arrow
public health success story

technological complexity icon
icon people connected
icon target

Our team used a two-step methodology conducted in parallel: workshop audit and penetration testing. First, as soon as the intervention protocol was approved by the client, we conducted a series of interviews with the teams responsible for the different departments. These workshops allowed us to collect the necessary data on cybersecurity by keeping a complete record of the evidence provided and classifying it. To complete this information phase, we conducted failure tests to detect vulnerabilities that could be attacked. One of the major challenges of this assignment was the importance of total data confidentiality.

We assessed the client’s security posture according to three main areas of intervention. First, we met with the operational teams to analyze their daily activities. Second, meetings with the service managers to obtain a picture of the prevailing situation. Finally, following various incidents related to cybersecurity, a compilation of the results to provide the client with a portrait of the positive aspects and the elements to be corrected to improve the cybersecurity posture of the organization and its numerous regional networks.

The report produced included a remediation plan, measurable indicators and guidance for optimizing the operational structure. The results were presented behind closed doors to the relevant IT managers, including the responsible executive.

Due to the extent of the network and the importance of maintaining the confidentiality of the client’s information, our specialists obtained safeguards in case of problems with the physical security managers of the various locations.

Intrusion tests were carried out in “black box” mode, including the installation of probes on unattended workstations or access to connection rooms. Once access to the network was obtained, the consultant proceeded with the scans as well as the evaluation of the security flaws.

Then, the severity of the detected vulnerabilities was evaluated according to the CVSS and OWASP benchmarks.

The exercise was repeated for all internal and external networks. Medical equipment, for obvious reasons of public protection, was excluded from the scope.

  • ESI produced a detailed technical report for security experts and a strategic version for senior management that was incorporated into the overall audit report.
  • ESI’s involvement in the project has resulted in an effective and intelligent roadmap to mitigate cybersecurity vulnerabilities.
public healthsuccess

Virtual Guardian works with the best.

Your Business is Our Business

Our experienced team will help you choose, plan, and implement a cybersecurity program and solutions tailored to your business.

rss feed icon

Latest Government News

Can’t focus on the many threats to your business?

Let our 24/7 SOC, powered by IBM Security’s QRadar, safeguard your organization.