Vulnerability Assessment
Vulnerability assessment is a process in which a specialist identifies, quantifies, ranks, and prioritizes the security weaknesses of a given system or network. This evaluation procedure is most commonly conducted on the following systems: communication systems, transportation systems, water supply systems, energy supply systems, IT systems, and nuclear power plants. These appraisals can also be performed on large regional infrastructures, multinational companies, or small businesses.
Vulnerability and disaster management in the context of IT systems involves assessing the potential threats or hazards (such as black hat hackers, crackers, botnets, worms, viruses, trojans, spam, system exploits, social engineering techniques, and so on) that could compromise a whole company's or an individual user's database and the infrastructure housing these important yet sensitive digital records. It can also be applied to the environmental, economic, social, and political fields connected with the IT industry.
Vulnerability assessment closely resembles risk assessment, in that both usually follow these steps:
- Classifying the system's capabilities and assets.
- Assigning an importance, rank order, or quantifiable value to each of those resources.
- Identifying the known vulnerabilities or possible hazards affecting each asset.
- Mitigating or eliminating the most serious weaknesses affecting the most important resources.
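The four steps above, carried through as an added worked example (not part of the original article): assets are given a value, each known weakness is scored by severity and exposure, and the product ranks what to fix first. The asset names, scoring weights, and sample findings are constructed for illustration, not taken from any real assessment.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    value: int      # step 2: importance assigned by the assessor (1 = low, 5 = critical)

@dataclass
class Vulnerability:
    asset: str      # name of the asset the weakness affects (step 3)
    weakness: str   # short description of the weakness
    severity: float # technical severity on a 0-10 scale (assumed CVSS-like)
    exposure: float # 0-1: how reachable the weakness is (1.0 = always exposed)

def score(asset: Asset, vuln: Vulnerability) -> float:
    """Risk score used for prioritization: asset value x severity x exposure.
    A critical asset with a moderate flaw can outrank a throwaway asset with a
    severe one, which is exactly what step 4 asks for."""
    return round(asset.value * vuln.severity * vuln.exposure, 2)

def prioritize(assets: list[Asset], vulns: list[Vulnerability]) -> list[tuple]:
    """Return (score, asset, weakness) tuples, highest priority first."""
    by_name = {a.name: a for a in assets}          # step 1: the asset inventory
    ranked = [(score(by_name[v.asset], v), v.asset, v.weakness) for v in vulns]
    ranked.sort(key=lambda r: (-r[0], r[1], r[2]))  # ties broken deterministically
    return ranked

# Constructed sample inventory and findings
ASSETS = [Asset("customer-db", 5), Asset("build-server", 3), Asset("lobby-kiosk", 1)]
VULNS = [
    Vulnerability("lobby-kiosk", "unpatched browser", 8.5, 0.5),
    Vulnerability("build-server", "weak TLS configuration", 5.5, 0.5),
    Vulnerability("customer-db", "missing security patches", 9.5, 1.0),
    Vulnerability("customer-db", "no rate limiting on login", 4.0, 1.0),
]

if __name__ == "__main__":
    for s, asset, weakness in prioritize(ASSETS, VULNS):
        print(f"{s:6.2f}  {asset:13s} {weakness}")
```

Note that the kiosk's weakness has a higher raw severity than the build server's, yet it lands last because the asset itself is worth little; the remediation order follows asset value as much as technical severity.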
Standard risk analysis is mostly concerned with exploring and examining the risks surrounding a given asset or resource (in the IT industry's case, digital information, the continued smooth operation of a program, or the unimpeded performance of an OS or network), together with its function and design. Such assessments tend to concentrate on the direct consequences and root causes of the scrutinized object's failure.
In contrast, vulnerability assessment is concerned with both the adverse effects on the asset itself and the primary and secondary consequences for the surrounding system environment. Ultimately, this type of analysis focuses on the possibilities for mitigating such risks and improving the security capacity and performance rating of a given network or computer system, so that future incidents can be better managed.