Identifying and Evaluating Relevant Vulnerabilities
A vulnerability is a weakness in physical, technical, or operational security. It can be procedural, technical, or physical.
Two things are certain about vulnerabilities:
- All systems have vulnerabilities—Eliminating all vulnerabilities is just as impossible as eliminating all risks. The goal is to identify the relevant vulnerabilities so controls can be implemented to reduce the weaknesses.
- Not all vulnerabilities result in a loss—Only when the threat and vulnerability come together as a threat/vulnerability pair does a loss occur. Only the relevant vulnerabilities need to be identified and evaluated.
One of the ways to identify and evaluate vulnerabilities is through assessments. ...
Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.