A vulnerability assessment is the testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host-, network-, and application-layer assessments.

Conducting vulnerability assessments helps organizations identify vulnerabilities in their software and supporting infrastructure before a compromise can take place.

A vulnerability can be defined in two ways:

  1. A bug in code or a flaw in software design that can be exploited to cause harm. Exploitation may occur via an authenticated or unauthenticated attacker.
  2. A gap in security procedures or a weakness in internal controls that, when exploited, results in a security breach.
