Vulnerability assessment
From Free net encyclopedia
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region).
Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
- Cataloging assets and capabilities (resources) in a system
- Assigning quantifiable value and importance to the resources
- Identifying the vulnerabilities or potential threats to each resource
- Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
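The four steps above, carried through on a small constructed inventory (an added example, not part of the original article). The asset names, the 1-10 value scale, the 0-10 severity scale, the effort budget and the value × severity ranking are assumptions made for illustration.

```python
from dataclasses import dataclass

# Steps 1 and 2: catalog resources and assign each a value (assumed 1-10 scale).
ASSETS = {  # constructed sample inventory
    "billing-db": 10,
    "public-web": 6,
    "build-server": 8,
    "print-server": 2,
}

@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    severity: float  # assumed 0-10 scale
    fix_cost: int    # assumed effort in person-days

# Step 3: vulnerabilities or threats identified per resource (constructed).
FINDINGS = [
    Finding("public-web", "outdated TLS configuration", 5.0, 1),
    Finding("billing-db", "default admin password", 9.0, 1),
    Finding("print-server", "unpatched firmware", 9.5, 3),
    Finding("build-server", "shared deploy key", 7.0, 4),
    Finding("legacy-ftp", "anonymous write access", 8.0, 2),  # not in catalog
]

def assess(assets, findings):
    """Return (ranked, uncataloged); findings are scored by value x severity."""
    ranked, uncataloged = [], []
    for f in findings:
        if f.asset not in assets:
            uncataloged.append(f)  # step 1 gap: the asset was never cataloged
            continue
        ranked.append((assets[f.asset] * f.severity, f))
    ranked.sort(key=lambda pair: (-pair[0], pair[1].fix_cost))
    return ranked, uncataloged

def plan(ranked, budget):
    """Step 4: take fixes in rank order while the effort budget allows."""
    chosen = []
    for _, f in ranked:
        if f.fix_cost <= budget:
            chosen.append(f)
            budget -= f.fix_cost
    return chosen

if __name__ == "__main__":
    ranked, gaps = assess(ASSETS, FINDINGS)
    print([f.issue for f in plan(ranked, budget=5)], [f.asset for f in gaps])
```

The print-server finding has the highest severity but ranks last because the resource has little value, and the finding on an uncataloged host is reported as an inventory gap instead of being scored.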
"Classical risk analysis is principally concerned with investigating the risks surrounding physical plant (or some other object), its design and operations. Such analyses tend to focus on causes and the direct consequences for the studied object. Vulnerability analysis, on the other hand, focuses both on consequences for the object itself and on primary and secondary consequences for the surrounding environment. It also concerns itself with the possibilities of reducing such consequences and of improving the capacity to manage future incidents." (Lövkvist-Andersen et al., 2004)
When dealing with computers, vulnerability assessment is also known as "white hat hacking".
References
Lövkvist-Andersen, A-L, et al. (2004). Modelling Society’s Capacity to Manage Extraordinary Events. Paper presented at the SRA (Society for Risk Analysis) Conference in Paris, 15-17 November, 2004.
External links
- Modelling Society’s Capacity to Manage Extraordinary Events From the Swedish Morphological Society
- A closer look at all-purpose vulnerability scanners (comparison of 10 products, vendor independent)
See also: operations research, computer security