IT Examiner School, Providence, RI
Vulnerability Assessments
Require specific skills/knowledge Audit team tries to find weak points Tools used simulate a variety of attacks Results can be used in Penetration Testing for potential exploitation Catalog assets and capabilities (resources) in a system Assign quantifiable value and importance to a resource Identify the vulnerability or potential threat(s) to each resource Assist in mitigating or eliminating vulnerabilities for key resources
Penetration Testing Penetration Testing “tests” a system to find and exploit known vulnerabilities that an attacker could exploit Determine if there are weaknesses and ability to access system functionality and data Are intrusive as actual “attack” tools are used Require a high degree of skill to perform Require management’s knowledge & consent Penetration test reports will generally describe any weaknesses as “high”, “medium” or “low”
Made with FlippingBook Annual report