A vulnerability assessment is performed to identify the current security posture of an information system or organization. It provides recommendations for improvement, which allows the organization to reach a security goal that mitigates risk, and also enables the organization. Security assessments rely on three main assessment methods that are interrelated. Combined, they can accurately assess the Technology, People, and Process elements of security.
This includes passive review techniques and interviews, which are generally conducted manually. They help to evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities. They include the review of documentation, architecture, rule-sets, and system configurations. This method helps establish what the critical information and systems are, and where the organization wants to focus regarding security.
This is a hands-on technical process that looks specifically at the organization from a system or network level to identify vulnerabilities. This includes technical analysis of the firewalls, intrusion detection systems, and routers. It also includes vulnerability scans of the customer’s networks. This method provides excellent information that leads into future examinations.
This is a penetration test.
Who needs this?
Those who need a technical overview of their IT security implementation.
Those who have never performed a technical test of their IT security implementation.
Those who need to comply with regulations, such as ones that treat vulnerability assessment as mandatory.