Vulnerability Assessment


Classification Key: Security Pattern Space

Problem

Enterprise assets and the controls protecting them may be fully secure, or may have numerous weaknesses, some of which may never be exploited, and some of which may be exploited every day. Without proper cataloguing of these vulnerabilities, an enterprise might never recognize the extent of the weaknesses of its assets.
How can an enterprise identify vulnerabilities to its assets and determine the severity of those vulnerabilities?

Solution

Systematically identify and rate probable vulnerabilities of the enterprise assets. Create a threat model and identify vulnerabilities. Rate the severity of vulnerabilities.

Known Uses

Vulnerability assessment is a key component of all widely-accepted risk assessments, including those from NIST, ISO, etc. While they differ slightly in their approach, their purposes and overall goals are consistent.

Related Patterns

Security Needs Identification for Enterprise Assets, Asset Valuation

Source

Wiley Book

Tags

Asset Valuation, Vulnerability, Security Association


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz