Vulnerability Assessment

Classification Key : Security Pattern Space


Enterprise assets and the controls protecting them may be fully secure, or they may have numerous weaknesses, some of which may never be exploited and some of which may be exploited every day. Without proper cataloguing of these vulnerabilities, an enterprise might never recognize the extent of the weaknesses of its assets.
How can an enterprise identify vulnerabilities to its assets and determine the severity of those vulnerabilities?


Systematically identify and rate probable vulnerabilities of the enterprise assets. Create a threat model and identify vulnerabilities. Rate the severity of vulnerabilities.

Known Uses

Vulnerability assessment is a key component of all widely accepted risk assessments, including those from NIST, ISO, etc. While they differ slightly in their approach, their purposes and overall goals are consistent.

Related Patterns

Security Needs Identification for Enterprise Assets, Asset Valuation


Wiley Book


Asset Valuation, Vulnerability, Security Association


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz