2023 IT Examiner School

Vulnerability Assessment vs. Risk Assessment

Assist in mitigating or eliminating vulnerabilities for key resources

Assigning quantifiable value and importance to a resource

Identifying the vulnerability or potential threat(s) to each resource

Cataloging assets and capabilities (resources) in a system

FI will sometimes use vulnerability assessment to aid in completing the risk assessment process

Penetration Test (Pen Test)

Pen Test “tests” systems to find & exploit known vulnerabilities that an attacker could use

Determine if there are weaknesses and if able to access system functionality and data

Pen Test report will describe any weaknesses as “high”, “medium” or “low”

Require management’s knowledge & consent

Require a high degree of skill to perform

Are intrusive as actual “attack” tools are used
