IT Examiner School - Oct 2023

Internal Use Only

Vulnerability Assessments

• Requires specific skills/knowledge • Audit team tries to find weak points • Tools used simulate a variety of attacks • Results are used in Penetration Testing for potential exploitation Testing: • Checking building windows and doors to see if they are secured • Checking if building is susceptible to other events, e.g. natural catastrophes Basic Vulnerability Assessment description:

21

Internal Use Only

Performing Vulnerability Assessments The goal of vulnerability assessments is to identify devices, applications, or systems that have known vulnerabilities or configuration issues without compromising your systems.

A risk-based security vulnerability methodology is designed to comprehensively identify, classify and analyze known vulnerabilities to recommend the right mitigation actions.

22