Back to Security Pattern Catalog
: Security Pattern Space
Enterprise assets and the controls protecting them may be fully secure, or may have numerous weaknesses, some of which may never be exploited, and some of which may be exploited every day. Without proper cataloguing of these vulnerabilities, an enterprise might never recognize the extent of the weaknesses of their assets.
How can an enterprise identify vulnerabilities to its assets and determine the severity of those vulnerabilities?
Systematically identify and rate probable vulnerabilities of the enterprise assets. Create a threat model and identify vulnerabilities. Rate the severity of vulnerabilities.
Vulnerability assessment is a key component of all widely-accepted risk assessments, including those from NIST, ISO, etc. While they differ slightly in their approach, their purposes and overall goals are consistent.
Security Needs Identification for Enterprise Assets, Asset Valuation
Asset Valuation, Vulnerability, Security Association
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz