IT Examiner School, Providence, RI

Vulnerability Assessments

Testing: • Requires specific skills/knowledge • Audit team tries to find weak points • Tools used simulate a variety of attacks • Results are used in Penetration Testing for potential exploitation Basic Vulnerability Assessment description: • Checking building windows and doors to see if they are secured • Checking if building is susceptible to other events, e.g. natural  catastrophes

Vulnerability Assessment vs. Risk Assessment

Assist in  mitigating or  eliminating  vulnerabilities  for key  resources

Assigning  quantifiable  value and  importance to a  resource

Identifying the  vulnerability or  potential  threat(s) to  each resource

Cataloging assets  and capabilities  (resources) in a  system

FIwill sometimes usevulnerability  assessment toaid in completing the  risk assessment process