Vulnerability Scanning

  • 50,000 Network Vulnerability Tests
  • Test check if exploit can indeed penetrate through firewalls
  • Automated and Scheduled Processing without human intervention

Risk Assessment

  • Risk Assessment based on attack graph analysis
  • Attack graphs capture lateral propagation through enterprise's network

Cyber Risk Score

  • Provide Risk Score based on analysis of attack paths
  • Visualization of risk scores at several granularities

Third Party Supplier Risk Ranking

  • Rank Cyber security posture of suppliers and vendors
  • Compare cyber risk for third party suppliers and choose supplier with minimal cyber risk on a periodic basis

Cyber security Testing

  • Evaluate impact of vulnerabilities based on information of critical assets and services
  • Augment exploitability scores with impact scores in the overall risk score.

Mitigation Service

  • Prioritized mitigation plan
  • Choice between patching vulnerabilities and enforcing security control

Cyber Risk Management Compliance Auditing

  • Review security controls, policies and procedures
  • Compare with NIST and ISO cyber security risk management framework for compliance
  • Auditing of security controls
  • Recommendations on applying security controls to minimize cyber risk and improve scoring

Technology Transition

A commercial license for Cyber Risk Scoring and Mitigation (CRISM) tool is available.


The Virginia Modeling, Analysis and Simulation Center (VMASC) at Old Dominion University is a multi-disciplinary research center dedicated to solving real world problems through the application of modeling and simulation techniques and to developing new approaches to representing physical, social, and human systems in simulation. We are one of the world's leading research centers for computer modeling, simulation, and visualization.

Quick links

Get the latest information about CRISM.