IT Examiner School, Providence, RI

First page Table of contents Previous page 144 Next page Last page

Identify Vulnerabilities

Weaknesses in a system or controls, which include: Software, hardware, physical, and administrative weaknesses  Anything that can be exploited for gain!

Software Vulnerabilities • Programming errors Hardware Vulnerabilities

• Device failure • Power failure Physical Vulnerabilities • Unrestricted facility access

• Lack of fire/flood controls/HVAC • Location (crime, regional, weather) Administrative Vulnerabilities • Antivirus software not kept up-to-date • Vendor patches not installed • Unnecessary services running • Configuration (user) error • Personnel policies

Risk Assessment Process

Identify and value sensitivity of information assets.

Identify potential internal/ external threats and/or vulnerabilities.

Rank likelihood and impact of threats and/or vulnerabilities.

Assess sufficiency of risk control policies, procedures, information systems, etc.

Made with FlippingBook Annual report