APPENDIX C – TYPICAL VULNERABILITIES
Vulnerabilities or weaknesses in or surrounding an asset leave it open to attack from a threat or hazard. This appendix lists a number of typical vulnerabilities, but it should be understood that there are many more and that new vulnerabilities, especially in application software, will be discovered on a daily basis. However, this list, based on BS 7799-3: 2017, provides some generic types and is a good starting point for vulnerability analysis. Figure C.1 illustrates these.
ACCESS CONTROL
Access control has two complementary uses: firstly to permit access to resources for authorised persons, and secondly to deny access to those resources to unauthorised persons. Failures in access control are one of the ...