Vulnerabilities are flaws that create weaknesses in the overall information assurance of the system or network. This appendix will provide a general overview of types of vulnerabilities and the nature/effect of those vulnerabilities.
NOTE This list is inspired by and adapted from the BSI (Bundesamt für Sicherheit in der Informationstechnik) threat list.
Vulnerability: Organizational Shortcomings
An organization that has poor planning and implementation habits introduces vulnerabilities. Throughout the organizational planning process, you should make sure information assurance is kept in the list of high-importance items. The following are the vulnerabilities in this category: