Optimum Web
Risk Management & Incident Response

Vulnerability Management

Scanning, penetration testing, phishing simulation.

3 services · Fixed price · 14-day warranty · Senior engineers only

Compare Services

Service | Framework | Price
Vulnerability Management Program Setup | NIS2 | $390
Penetration Test — Web Application | Multi-Framework | $590
Security Awareness Phishing Simulation | Multi-Framework | $249

Frequently Asked Questions

Which vulnerability scanner do you use?
OpenVAS (open source, no licensing cost) for most clients. Nessus or Qualys if you have existing licenses. Cloud-native scanners (AWS Inspector, GCP Security Command Center) for cloud-only environments.
Will scanning affect our production systems?
Vulnerability scans are non-intrusive by default. We schedule internal scans during maintenance windows. External scans are throttled to avoid triggering WAF or rate limits. Production impact is negligible.
What are the remediation SLAs?
Industry standard: Critical (CVSS 9.0+) within 24 hours, High (7.0-8.9) within 7 days, Medium (4.0-6.9) within 30 days, Low (0.1-3.9) within 90 days. We customize based on your risk appetite.
Does this satisfy the PCI DSS quarterly scanning requirement?
Yes. PCI DSS Requirement 11.3 requires quarterly external ASV scans and internal scans. Our program exceeds this with weekly external and monthly internal scanning.
How does this differ from a penetration test?
Vulnerability scanning is automated, broad, and frequent. Penetration testing is manual, deep, and targeted. Scanning finds known vulnerabilities; pen testing finds complex attack paths. You need both.

Not Sure Where to Start?

Our IT Health Check finds every compliance gap in your infrastructure. 1 business day. You get a prioritized list of what to fix.

IT Health Check — $5