This article intends to cover following topics about Vulnerability Assessment / Vulnerability analysis in brief.
1. Meaning of vulnerable
2. What is Vulnerability?
3. What is Vulnerability Assessment?
4. Who can exploit Vulnerabilities?
5. Use of Vulnerability Assessment
6. How Vulnerability Assessment is different from Threat analysis?
1. Meaning of vulnerable
Vulnerable means weak and liable to be attacked.
2. What is Vulnerability?
Vulnerability in relation to Information System / Networking is a problematic condition because of which the system can be attacked, exploited and /or compromised. These problematic condition could be:
1. Software /Programming bug
2. Backdoors
3. Unnecessary Open ports
4. Hardware Bugs
5. Improper configuration
6. Improper parameters
7. Improper patch/update management etc.
3. What is Vulnerability Assessment?
Vulnerability Assessment or Vulnerability Analysis is the process of identification, Classification, mapping and rating of vulnerabilities of Information System / Networking System.
4. Who can exploit Vulnerabilities?
Vulnerability can be exploited by Crackers, Some kind of hackers, script kiddies for malicious intent. Some times it is exploited by Penetration Tester/ IS Auditors / Good hackers for the benefit of the general public/group and strengthening / hardening the system.
5. Use of Vulnerability Assessment
Vulnerability Assessment is used for:
1. Risk Rating and Risk Analysis
2. potential Threat Measurement
3. Protect Information assets and their integrity.
4. Prevention and correction tool for Information System
6. How Vulnerability Assessment is different from Threat analysis?
One common question asked is whether Vulnerability Assessment or Vulnerability Analysis is same as Threat Analysis. Answer is "no". No because Threat analysis is generally done after Vulnerability Assessment. Threat analysis is evaluation/examination of threats against detected /known vulnerabilities.
0 comments:
Post a Comment