APPENDIX C TYPICAL VULNERABILITIES
Vulnerabilities or weaknesses in or surrounding an asset leave it open to attack from a threat or hazard. This Appendix lists a number of typical vulnerabilities, but it should be understood that there are many more, and that new vulnerabilities, especially in application software, will be discovered on a daily basis. However, this list, based on BS 7799-3: 2006, provides some generic types and is a good starting point for vulnerability analysis. Figure C.1 illustrates these.
Access control has two complementary uses: first, to permit access to resources for authorised persons, and, second, to deny access to those resources to unauthorised persons. Failures in access control are very likely to ...