The purpose of an External Vulnerability Assessment (EVA), as required by NCUA, is to simulate a targeted attack and to identify potential vulnerabilities that could be exploited on those devices that are publicly available on the Internet. Vulnerabilities that may be exploited may involve system configurations, system applications, web/e-mail server services, and remote or administrative access.
Following the CastleGarde’s assessment methodology and with management consent, an External Vulnerability Assessment (EVA) is performed in four stages:
- Port scanning
- Application exploits
- Operating system exploits
- Modem war-dialing
A comprehensive risk profile is completed on the organization that accurately identifies vulnerabilities and predicts the organization’s exposure to them. This professional report provides management with the tools it needs to make accurate decisions with respect to the acceptance, avoidance, mitigation, or assignment of risks identified.