MD3 Identify System Vulnerabilities: Vulnerability Assessments Flashcards

1
Q

A Vulnerability Assessment

A

A vulnerability assessment is the internal review process of an organization’s security systems. These assessments work similarly to the process of identifying and categorizing vulnerabilities on the CVE list. The main difference is that the organization’s own security team performs the assessment and evaluates, scores, and fixes the findings itself. Security analysts play a key role throughout this process.

Vulnerability assessments are great for identifying the flaws of a system. Most organizations use them to search for problems before they happen. But how do we know where to search? When we get together again, we’ll explore how companies figure this out.

2
Q

The goal of a vulnerability assessment

A

Overall, the goal of a vulnerability assessment is to identify weak points and prevent attacks. They’re also how security teams determine whether their security controls meet regulatory standards.

Organizations perform vulnerability assessments frequently. Because companies have so many assets to protect, security teams sometimes need to select which area to focus on through vulnerability assessments.

3
Q

Vulnerability assessments typically follow a four-step process.

A
  1. Identification
  2. Vulnerability analysis
  3. Risk Assessment
  4. Remediation
4
Q

Vulnerability assessments

  1. Identification
A

Here, scanning tools and manual testing are used to find vulnerabilities. During the identification step, the goal is to understand the current state of a security system, like taking a snapshot of it.

5
Q

Vulnerability assessments

  2. Vulnerability analysis
A

During this step, each of the vulnerabilities that were identified is tested. Acting as a digital detective, the goal of vulnerability analysis is to find the source of the problem.

6
Q

Vulnerability assessments

  3. Risk Assessment
A

During this step of the process, a score is assigned to each vulnerability. This score is assigned based on two factors: how severe the impact would be if the vulnerability were to be exploited and the likelihood of this happening.

Vulnerabilities uncovered during the first two steps of this process often outnumber the people available to fix them. Risk assessments are a way of prioritizing resources to handle the vulnerabilities that need to be addressed based on their score.

7
Q

Vulnerability assessments

  4. Remediation
A

It’s during this step that the vulnerabilities that can impact the organization are addressed. Remediation is prioritized according to the severity score assigned during the risk assessment step.

This part of the process is normally a joint effort between the security staff and IT teams to come up with the best approach to fixing the vulnerabilities that were uncovered earlier. Examples of remediation steps might include things like enforcing new security procedures, updating operating systems, or implementing system patches.
