IT Examiner School eBook May 2025

Internal Use Only

Vulnerability Assessment vs. Risk Assessment

Assist in mitigating or eliminating vulnerabilities for key resources

Assigning quantifiable value and importance to a resource

Identifying the vulnerability or potential threat(s) to each resource

Cataloging assets and capabilities (resources) in a system

FI will sometimes use vulnerability assessment to aid in completing the risk assessment process

Internal Use Only

Penetration Test Considerations External Penetration Testing Internal Penetration Testing “Black Box, White Box” Application Penetration Tests Independent Party Qualifications of Penetration Testers