Vulnerability Assessments and Penetration Tests


  Tasks Type Deliverables Resource
1. Hardware & Software Audit and Assessment / Cyber Essentials
Type: Optional
Deliverables: Perform surveys and interviews to:

  • Assess software licensing stance
  • Perform software inventory
  • Assess OS patch status
  • Assess hardware fit for purpose
  • Assess HW/SW policies and processes
  • Analyse HW/SW relevant threats
  • Assess effectiveness of existing protection systems
  • Produce and present report outlining high-level InfoSec posture

Resource: EC-Council CEH Analyst

2. Network Assessment and Enumeration
Type: Optional
Deliverables: Perform network scanning to identify network components and architecture. Produce and present a network architecture report outlining all recommended actions, including documentation of cost/benefit.
Resource: EC-Council CEH Analyst

3. Assess staff knowledge and training on key infrastructure elements.
Type: Optional
Deliverables: Based on findings from the Initial Assessment, and through interviews and meetings, develop a clear understanding of the general preparedness of staff to respond to infrastructure disruption.
Resource: EC-Council CEH Analyst

4. Assess Backup strategy
Type: Optional
Deliverables: Provide analysis of the current backup strategy with recommendations for improvements.
Resource: EC-Council CEH Analyst

5. Vulnerability Assessment / Cyber Essentials Plus
Type: Optional
Deliverables: Perform either internal or external vulnerability scanning on network, hardware and software elements. This non-invasive analysis reports the vulnerabilities found on specific network elements, without the vulnerabilities themselves being exploited.
Resource: EC-Council CEH Analyst

6. Penetration Testing
Type: Optional
Deliverables: Perform a methodical Security Assessment with a defined scope over a 1-2 week period, generally announced to the business, with the intention of identifying the total number and criticality of all vulnerabilities.

The engagement covers pre-engagement interactions (with the organisation), intelligence gathering, vulnerability analysis, vulnerability exploitation, post-exploitation, and detailed documented findings identifying the vulnerabilities that were exploited, with recommendations for improvements.

Resource: EC-Council CEH Analyst

7. Red Team
Type: Optional
Deliverables: The CloudCIO Red Team engagement is for a business that is confident in its IT defences, security controls and in-house skills, and regularly undertakes Penetration Testing. The engagement further tests these assumptions and processes in a safe, controlled manner. Penetration Testing is the rigorous and methodical testing of a network, application or hardware, whereas a Red Team’s mission is to emulate the tactics, techniques and procedures of cyber adversaries.

In a Red Team engagement, CloudCIO initially uses its bespoke cyber assessment tool to identify the biggest business risks, then performs a flexible but targeted campaign, depending on the specifics of the business.

Typically, Red Team engagements last from 1 week to 6 months, are unannounced to the business and test the in-house Blue (defensive) Security Team on their controls, policies, tools and skills. The engagement identifies how well the internal security program is running, with the intention of discovering the time it takes for the Blue Team to recognise and manage any incident.

A Red Team engagement covers a range of offensive activities replicating the actions of a malicious antagonist who does not want to be easily discovered. Typically, these include intelligence gathering, gaining an initial foothold, moving within the network, and data identification / proof of ability to extract company data and take control.

Finally, CloudCIO will provide documented findings and identification of the vulnerabilities that were exploited, with recommendations for improvements.

Resource: EC-Council CEH Analyst


The effort required to conduct Vulnerability Assessments and Penetration Tests varies based on the size of a company’s network, the complexity of that network, and the individual test staff members assigned. A small environment can be done in a few days, but a large environment can take several weeks.

Vulnerability scanning and penetration testing are different.

People sometimes mistakenly believe that vulnerability scanning or antivirus scans are the same as a professional penetration test. Some companies offer ‘penetration testing services’ when in fact, they only offer vulnerability scanning services. As a general rule, any ‘pen test’ that is listed for less than £4,000 is probably not a real penetration test.

An external vulnerability scan is an automated, affordable, high-level test that identifies known weaknesses in network structures.

A penetration test includes a live person manually investigating the complexities of a network. A vulnerability scan only identifies vulnerabilities, while a penetration tester digs deeper to identify and then attempt to exploit those vulnerabilities to gain access to secure systems or stored sensitive data.