IT Examiner School

Vulnerability Assessment vs. Risk Assessment

Assigning quantifiable value and importance to a resource

Identifying the vulnerability or potential threat(s) to each resource

Assist in mitigating or eliminating vulnerabilities for key resources

Cataloging assets and capabilities (resources) in a system

FI will sometimes use vulnerability assessment to aid in completing the risk assessment process

Penetration Test (Pen Test)

Pen Test “tests” systems to find and exploit known vulnerabilities that an attacker could exploit

Determine if there are weaknesses and if able to access system functionality and data

Pen Test report will describe any weaknesses as “high”, “medium” or “low”

Require management’s knowledge & consent

Require a high degree of skill to perform

Are intrusive as actual “attack” tools are used
