Effective Security Made Simple with CyboNet
What is Security Vulnerability?
Security vulnerability is anything that exposes a potential avenue of attack against a system. This may include viruses, incorrectly-configured systems, passwords written on sticky pads and left in a state that can easily be seen by others, and others, increasing the risk to a system. More formally, Security Vulnerability may be defined as “a set of conditions that leads or may lead to an implicit or explicit failure of the confidentiality, integrity, or availability of an information system.” ISO 27001 defines Vulnerability as “a weakness in an asset or group of assets.
An Asset’s weakness could allow it to be exploited and harmed by one or more threats“. As per ISO, “A threat is a potential event. When a threat turns into an actual event, it may cause an unwanted incident. It is unwanted because the incident may harm an organization or system” and an “Asset is any tangible or intangible thing that has value to an organization“.
As enumerated and listed in Common Vulnerability Enumeration database there are:
- 60,000+ common vulnerabilities
- 900+ common weaknesses
- 1014+ Common configuration errors
- 150,000+ security related events, and
- Large number application related errors
What is Vulnerability Assessment?
Vulnerability assessment is the process of systemic review of security weaknesses by recognizing, analyzing, and prioritizing vulnerabilities existing in systems or IT equipment. It is to trace prevailing threats in the environment and recommend remediation and mitigation methods. With the appropriate information on hand, the risk factors can be easily determined and can be competently defined without any delay. Vulnerability assessment is not specific to any sector and can be applied in all industries, from IT to energy or utility sector.
Why do Vulnerability Assessment
- It is important for the security of the organization.
- The process of locating and reporting the vulnerabilities, which provide a way to detect and resolve security problems by ranking the vulnerabilities before someone or something can exploit them.
- In this process Operating systems, Application Software and Network are scanned in order to identify the occurrence of vulnerabilities, which include inappropriate software design, insecure authentication, etc.