Security Assessment for public entity
Complete cybersecurity assessment and critical vulnerability remediation for a regional public entity.
The Challenge
The entity needed to comply with new cybersecurity regulations (NIS2) and had no clear view of the security state of its IT infrastructure.
The Solution
We conducted a complete assessment comprising vulnerability assessment, penetration testing, and gap analysis against NIS2 requirements, followed by a prioritized remediation plan.
The Challenge
The public entity manages critical services for millions of citizens. With the entry into force of the NIS2 directive, it was necessary to:
- Assess the security state of IT infrastructure
- Identify and fix vulnerabilities
- Implement security management processes
- Document compliance for audits
The Solution
We structured the project in three phases:
Phase 1: Assessment
- Vulnerability Assessment — Automated scanning of over 500 assets
- Penetration Testing — Manual tests on web applications, APIs, and infrastructure
- NIS2 Gap Analysis — Compliance assessment against regulatory requirements
- Interviews — Information gathering on processes and procedures
Phase 2: Analysis and Prioritization
We classified each vulnerability by criticality (CVSS) and business impact. This allowed us to define a realistic remediation plan with clear priorities.
Phase 3: Remediation and Verification
We supported the entity’s IT team in resolving critical vulnerabilities and verified the effectiveness of interventions with subsequent tests.
The Results
At the end of the project:
- 23 critical vulnerabilities completely resolved
- 100% NIS2 compliance reached
- Average CVSS score reduced by 65%
- Documented processes for ongoing security management
The entity now has a solid security baseline and processes to maintain it over time.
"Fastal guided us through a complex journey with expertise and pragmatism. Today we have a more secure infrastructure and the awareness of how to keep it that way."