Frequently Asked Questions
Q: What scoring systems do you use?
A: For consistency and accuracy, we use five (5) categories to score
risk: Critical, High, Moderate, Nominal and None. This can be
adjusted to meet a client's internal scoring preferences.
Q: What methodologies do you use?
A: We work with all of the current standards and methodologies and will
select the best fit for the engagement. These include, but are not
limited to, NIST, FIPS, ISO 27001, BASEL II, OSSTMM, PCI and TSSIT.
Q: Who will work on our project?
A: We only allow Qualified Security Professionals employed by 10-D
Security to work on client projects. No interns, temporary staff, contractors
or outsourced labor are used unless the specific engagement calls for it
and the client agrees beforehand.
Q: How long does it take to get a final report?
A: We feel a report should be delivered as close to the assessment or
audit as possible so that any remediation work can begin. With this in mind, we
will work hard to deliver reports as soon as possible and will often
schedule the report delivery at the beginning of the engagement.
Q: Will our internal vulnerability report be thicker than a phone book?
A: Not at all. We have developed specialized software and processes to
analyze the volumes of raw data produced during our testing. This
process results in a very clean and accurate report that is easy to read
and understand, and much smaller than a phone book.
Q: What size clients do you work with?
A: There is no one size of client for us. We work with anyone that needs
quality security or risk management work. We have worked with clients ranging
from large companies on the East Coast to small-town banks in the Midwest.
If you have any additional questions, please feel free
to call or contact us.