IT Examiner School eBook

Internal Use Only

Vulnerability Assessment & Penetration Testing

Vulnerability assessment is a process that defines, identifies & classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure  Vulnerability Scans  Tabletop Assessments A penetration test subjects a system to the real-world attacks selected & conducted by the testing personnel

Internal Use Only

Vulnerability Assessments

• Requires specific skills/knowledge • Audit team tries to find weak points • Tools used simulate a variety of attacks • Results are used in Penetration Testing for potential exploitation Testing: • Checking building windows and doors to see if they are secured • Checking if building is susceptible to other events, e.g. natural catastrophes Basic Vulnerability Assessment description: