A vulnerability assessment is the testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host-, network-, and application-layer assessments.
Vulnerability assessment refers to the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyze and prioritize risks for potential remediation in the proper context.
Vulnerability assessments are a critical component of the vulnerability management and IT risk management lifecycles, helping protect systems and data from unauthorized access and data breaches.
Vulnerability assessments typically leverage tools like vulnerability scanners to identify threats and flaws within an organization’s IT infrastructure that represent potential vulnerabilities or risk exposures.
A vulnerability can be defined in two ways:
– A bug in code or a flaw in software design that can be exploited to cause harm. Exploitation may occur via an authenticated or unauthenticated attacker.
– A gap in security procedures or a weakness in internal controls that, when exploited, results in a security breach.
VULNERABILITY IDENTIFICATION
Create a comprehensive list of the hardware and software assets present in the environment.
VULNERABILITY ANALYSIS
Identify the security vulnerabilities impacting the assets identified in step one.
RISK ASSESSMENT
Determine a quantifiable threat or severity score for each vulnerability and its negative impact on the environment.
REMEDIATION
Proactively remediate or mitigate the identified security vulnerabilities to reduce the threats they pose.
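The four steps above, run end to end over a constructed inventory, as an added example that is not part of the original page: the asset names, advisory identifiers, severity values, and the criticality-times-exposure weighting used in the risk assessment step are all assumptions, chosen to show how the same scanner severity ranks differently once asset context is applied.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    software: dict        # product -> installed version
    criticality: int      # 1 (low) .. 5 (business critical), set by the asset owner
    internet_facing: bool

@dataclass
class Finding:
    asset: str
    product: str
    version: str
    advisory: str
    base_severity: float  # 0..10, as a scanner or advisory would report it
    risk: float           # filled in by the risk assessment step

# Step 1, vulnerability identification: constructed asset inventory (sample data only)
ASSETS = [
    Asset("web-01", {"webapp": "1.2.0"}, criticality=4, internet_facing=True),
    Asset("db-01", {"dbms": "9.1"}, criticality=5, internet_facing=False),
    Asset("kiosk-07", {"webapp": "1.2.0"}, criticality=1, internet_facing=False),
]

# Step 2 input: constructed advisory feed, product -> [(fixed-in version, advisory id, base severity)]
ADVISORIES = {
    "webapp": [("1.3.0", "ADV-EXAMPLE-001", 9.8)],
    "dbms": [("9.2", "ADV-EXAMPLE-002", 6.5)],
}

def version_tuple(v):
    return tuple(int(part) for part in v.split("."))

def analyze(assets, advisories):
    """Step 2, vulnerability analysis: match each installed product against the advisory feed."""
    findings = []
    for a in assets:
        for product, installed in a.software.items():
            for fixed_in, adv_id, severity in advisories.get(product, []):
                if version_tuple(installed) < version_tuple(fixed_in):
                    findings.append(Finding(a.name, product, installed, adv_id, severity, 0.0))
    return findings

def assess(findings, assets):
    """Step 3, risk assessment: weight base severity by asset criticality and exposure (assumed formula)."""
    by_name = {a.name: a for a in assets}
    for f in findings:
        a = by_name[f.asset]
        exposure = 1.5 if a.internet_facing else 1.0
        f.risk = round(f.base_severity * a.criticality * exposure, 1)
    return sorted(findings, key=lambda f: f.risk, reverse=True)  # step 4 works this list top-down

if __name__ == "__main__":
    for f in assess(analyze(ASSETS, ADVISORIES), ASSETS):
        print(f"{f.risk:6.1f}  {f.asset:9}  {f.product} {f.version}  {f.advisory}")
```

The two hosts running the same vulnerable webapp build receive the same base severity but land at opposite ends of the remediation queue, which is the "proper context" the assessment is meant to supply.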