1.2 Vulnerability Assessments
Vulnerability assessment is the process of identifying, quantifying, and prioritizing vulnerabilities in computer systems, networks, and applications. In contemporary computing, vulnerability assessment is a critical component of maintaining the security and integrity of computer systems and protecting them from potential cyberattacks.
The first step in vulnerability assessment is to identify all possible points of vulnerability, such as outdated software, unpatched systems, misconfigured systems, weak passwords, or lack of encryption (Mell, P., & Scarfone, K. 2011).
Once vulnerabilities are identified, they are typically prioritized based on their severity and potential impact. This allows organizations to focus their resources on the most critical vulnerabilities first. Figure 1.1 shows the various vulnerability assessments in contemporary computing.
After prioritization, organizations must then take steps to remediate vulnerabilities, which can include software patches, configuration changes, or other security measures. Finally, regular vulnerability assessments should be conducted to ensure that new vulnerabilities are not introduced over time.
Figure 1. Vulnerability assessment in contemporary computing
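The prioritization and reassessment steps described above can be sketched in code. This is an added example, not part of the original text: the 0-10 severity values, the asset criticality weights, the severity-times-criticality score and all host names are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    severity: float  # assumed 0.0-10.0 scale; higher is worse

    @property
    def key(self):
        # A finding is identified by where it is and what it is.
        return (self.asset, self.issue)


# Constructed business-impact weights (1 = low, 5 = critical); an assumption.
CRITICALITY = {"db01": 5, "web01": 4, "hr-laptop": 2}


def risk(f):
    """Quantify: severity weighted by how much the affected asset matters."""
    return f.severity * CRITICALITY.get(f.asset, 1)


def prioritize(findings):
    """Prioritize: highest risk first; ties broken by asset, then issue."""
    return sorted(findings, key=lambda f: (-risk(f), f.asset, f.issue))


def compare_scans(previous, current):
    """Reassess: classify findings by comparing two assessment runs."""
    prev = {f.key for f in previous}
    curr = {f.key for f in current}
    return {"new": curr - prev, "remediated": prev - curr, "persisting": prev & curr}


# Constructed sample data: first assessment, then a later one after remediation.
SCAN_1 = [
    Finding("hr-laptop", "weak password", 6.5),
    Finding("web01", "lack of encryption", 5.3),
    Finding("web01", "outdated software", 7.5),
    Finding("db01", "unpatched system", 9.8),
]
SCAN_2 = [
    Finding("hr-laptop", "weak password", 6.5),
    Finding("web01", "lack of encryption", 5.3),
    Finding("web01", "misconfigured system", 8.1),  # introduced after scan 1
]

if __name__ == "__main__":
    for f in prioritize(SCAN_1):
        print(f"{risk(f):5.1f}  {f.asset:<10} {f.issue}")
    for status, keys in compare_scans(SCAN_1, SCAN_2).items():
        print(status, sorted(keys))
```

Weighting by asset criticality places the 5.3-severity finding on web01 ahead of the 6.5-severity finding on the laptop, and the second scan surfaces a vulnerability that did not exist during the first.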