
2
Vulnerability and Threat
Identification
‘‘Before the question of security can be addressed, it is first necessary to identify
those harmful events which may befall any given enterprise.’’
—Charles A. Sennewald, CPP, Security Consultant, Author, and Lecturer
RISK I DENTIFICATION
In systems security, the primary purpose of vulnera bility identification or threat (exposure)
determination is to make the task of risk analysis more manageable by establishing a
base from which to proceed. When the risks associated with the various systems and
subsystems within a given enterprise are known, the allocation of countermeasures
(resources) can be more careful ly ...