search menu icon-carat-right cmu-wordmark

System and Platform Evaluation

Created December 2017

Determining the security of your organization’s information systems is more important than ever. We leverage CERT cybersecurity research to develop and provide advanced penetration testing and cyber vulnerability assessments of systems and platforms for organizations.

You Will Be Attacked. Will You Be Ready?

Organizations operate in an era of seemingly constant high-profile data breaches. A cyber attack on your organization is inevitable. Organizations can no longer expect to defend against every attack. However, your first line of defense is still a hardened information system and cyber processes. These defenses reduce costly downtime, breaches of sensitive data, and potential damage to the organization's reputation and mission achievement.

Know Your Weaknesses

A risk and vulnerability assessment (RVA) identifies vulnerabilities in an organization’s network and endpoint devices. It also ensures that security implementations actually provide the protection that organizations require and expect.

CERT subject matter experts conduct RVAs with personnel from our partners at the U.S. Department of Homeland Security. We use open source and commercial security tools to conduct vulnerability scanning and manual penetration testing. These scans and tests determine whether, and by what methods, an adversary can defeat security controls on a live or simulated network.

Technical and Organizational Strength

An organization’s ability to repel cyber attacks requires more than just software patches and complex passwords. It takes a risk-based approach to security decisions. An RVA contributes to both technical and organizational strength by

  • helping secure against known vulnerabilities and threats by providing mitigation strategies to reduce risk
  • aggregating vulnerability data so executives can make informed decisions regarding the security and safety of information systems

Looking Ahead

We are developing tools, methods, and next-generation penetration testing to bring increased value and robust measurement to the performance of technical vulnerability assessments.

Learn More

SEI Cyber Minute: Why Phishing Matters

SEI Cyber Minute: Why Phishing Matters

July 19, 2016 Video

Mike Cook discusses "Why Phishing Matters."

watch
SEI Cyber Minute: Penetration Testing - Misconfigurations

SEI Cyber Minute: Penetration Testing - Misconfigurations

July 04, 2016 Video
Michael Cook (SEI CERT)

Mike Cook discusses "Penetration Testing."

watch