Digital Risk Assessment
Review details & methodology for Digital Risk Assessments.
Digital Risk Assessment
A Digital Risk Assessment (DRA) is a systematic process for identifying, analyzing, and prioritizing potential threats and vulnerabilities from an attacker’s perspective within an organization’s digital ecosystem.
Digital Risk Assessment is a type of engagement outside of our standard Pentesting as a Service. Refer to the below chart for details of a Digital Risk Assessment.
Feature | Description |
---|---|
Fulfilled by | Cybersecurity Services |
Number of credits | Typically between 6 - 12 credits, dependent on scope |
Number of testers | 1 tester |
Collaboration | Slack |
Retesting | Yes - according to your credit tier |
Earliest start date | Earliest start date will be based on availability. Typical start dates of 3-5 business dates once test is submitted to In Review |
Test duration | Typically 10 days. Finalized once test is moved to Planned |
Report due date | 5 business days after the test end date. |
Kick off call | Available upon request |
Debrief call | Available upon request |
Methodology Details
Cobalt will use publicly available information and commonly used OSINT methodologies and tooling (such as those documented at https://osintframework.com) to assess an organization from an external, adversarial perspective. Cobalt will employ a passive approach to OSINT reconnaissance.
Activities conducted within a Digital Risk Assessment are noted within the brief:
- Company research
- Domain and host enumeration
- Email, name, phone, and username harvesting
- Advanced Search Engine Operators (“dorks”)
- Attempts to identify code used for internal applications
- Password dumps
- Attempts to identify sensitive or proprietary indexed files
- Identification of employee badges on social media sites
- Building layouts
- Online brand protection
Last modified December 18, 2024