IT Examiner School
Vulnerability Assessment vs. Risk Assessment
Assigning quantifiable value and importance to a resource
Identifying the vulnerability or potential threat(s) to each resource
Assist in mitigating or eliminating vulnerabilities for key resources
Cataloging assets and capabilities (resources) in a system
FI will sometimes use vulnerability assessment to aid in completing the risk assessment process
Penetration Test (Pen Test)
Pen Test “tests” systems to find and exploit known vulnerabilities that an attacker could exploit
Determine if there are weaknesses and if able to access system functionality and data
Pen Test report will describe any weaknesses as “high”, “medium” or “low”
Require management’s knowledge & consent
Require a high degree of skill to perform
Are intrusive as actual “attack” tools are used