Vulnerability Assessment
Classification Key: Security Pattern Space
Problem
Enterprise assets and the controls protecting them may be fully secure, or may have numerous weaknesses, some of which may never be exploited, and some of which may be exploited every day. Without proper cataloguing of these vulnerabilities, an enterprise might never recognize the extent of the weaknesses of its assets.
How can an enterprise identify vulnerabilities to its assets and determine the severity of those vulnerabilities?
Solution
Systematically identify and rate probable vulnerabilities of the enterprise assets. Create a threat model and identify vulnerabilities. Rate the severity of vulnerabilities.
Known Uses
Vulnerability assessment is a key component of all widely accepted risk assessments, including those from NIST, ISO, etc. While they differ slightly in their approach, their purposes and overall goals are consistent.
Related Patterns
Security Needs Identification for Enterprise Assets, Asset Valuation
Source
Wiley Book
Tags
Asset Valuation, Vulnerability, Security Association