IT Examiner School, Seaside, CA

Vulnerability Assessments Testing:

• Requires specific skills/knowledge • Audit team tries to find weak points • Tools used simulate a variety of attacks • Results are used in Penetration Testing for potential exploitation Basic Vulnerability Assessment description: • Checking building windows and doors to see if they are secured • Checking if building is susceptible to other events, e.g. natural catastrophes

Vulnerability Assessment vs. Risk Assessment

• Cataloging assets and capabilities (resources) in a system • Assigning quantifiable value and importance to a resource • Identifying the vulnerability or potential threat(s) to each resource • Assist in mitigating or eliminating vulnerabilities for key resources

Entity will sometimes use vulnerability assessment to aid in completing the risk assessment process