Vulnerability Assessment


What Does Vulnerability Assessment Mean?

A vulnerability assessment is a risk management process used to identify, quantify and rank the weaknesses in a given system that specific threats could exploit. It is not confined to a single field and is applied to systems across many industries, such as:

  • IT systems
  • Energy and other utility systems
  • Transportation
  • Communication systems

A key component of a vulnerability assessment is a clear definition of the impact-loss rating for each threat and of the system's exposure to that threat. Impact loss differs per system. For example, an assessed air traffic control tower may consider a few minutes of downtime a serious impact loss, while for a local government office the same few minutes of downtime may be negligible.

Techopedia Explains Vulnerability Assessment

Vulnerability assessments are designed to yield a ranked or prioritized list of a system's vulnerabilities against various kinds of threats. Unlike a penetration test, an assessment enumerates and rates weaknesses rather than exploiting them. Organizations that commission these assessments already know they face security risks and need help identifying and prioritizing the specific issues. By understanding their vulnerabilities, an organization can plan remediation (patches, configuration changes or compensating controls) and feed the results into its risk management process.

What counts as a vulnerability depends on the system being assessed. For example, a utility system, such as a power or water network, may prioritize weaknesses that could disrupt service or damage facilities, such as natural disasters, tampering and terrorist attacks. An information system (IS), such as a website backed by databases, instead requires an assessment of the software flaws, misconfigurations and other weaknesses that attackers could exploit. A data center may require an assessment of both physical and virtual vulnerabilities, because it must secure its physical facility as well as its network-facing systems.
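The two points above (that the impact-loss rating is defined per system, and that the same list of weaknesses therefore ranks differently for different systems) can be made concrete with a small scoring script. This is an added example, not code from Techopedia or from any assessment product: the findings, the two system profiles, the 1-to-5 rating scales and the downtime-rating rule are all constructed assumptions chosen to mirror the air traffic control tower versus local government office comparison in the text.

```python
"""Added example: rank one set of findings against two system-specific
impact-loss ratings. The findings, systems and rating scales are constructed
assumptions for illustration, not data from the original page."""
import math
from dataclasses import dataclass

DOWNTIME, DISCLOSURE, PHYSICAL = "downtime", "disclosure", "physical"


@dataclass(frozen=True)
class Finding:
    name: str
    likelihood: int        # 1 (rare) .. 5 (almost certain) that the threat is realised
    category: str          # DOWNTIME, DISCLOSURE or PHYSICAL
    minutes_down: int = 0  # expected outage length, used only for DOWNTIME findings


def downtime_rating(minutes: int, tolerance_min: int) -> int:
    """Map an outage length to a 1..5 impact-loss rating for a given tolerance.

    Below the tolerance the loss is negligible (rating 1); at the tolerance it
    is rated 2, and every doubling of the outage adds one step, capped at 5.
    """
    if minutes < tolerance_min:
        return 1
    return min(5, 2 + int(math.log2(minutes / tolerance_min)))


@dataclass(frozen=True)
class SystemProfile:
    """Impact-loss definition for one assessed system (assumed values)."""
    name: str
    downtime_tolerance_min: int  # outages shorter than this are negligible
    disclosure_impact: int       # 1..5 rating for data being exposed
    physical_impact: int         # 1..5 rating for damage to the facility

    def impact(self, f: Finding) -> int:
        if f.category == DOWNTIME:
            return downtime_rating(f.minutes_down, self.downtime_tolerance_min)
        if f.category == DISCLOSURE:
            return self.disclosure_impact
        if f.category == PHYSICAL:
            return self.physical_impact
        raise ValueError(f"unknown impact category: {f.category!r}")


def risk_score(profile: SystemProfile, f: Finding) -> int:
    """Classic likelihood x impact score; only the impact term is system-specific."""
    return f.likelihood * profile.impact(f)


def rank(profile: SystemProfile, findings: list[Finding]) -> list[tuple[str, int]]:
    """Return (finding name, score) pairs from highest to lowest risk for one system."""
    scored = [(f.name, risk_score(profile, f)) for f in findings]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


# Constructed findings, shared by both systems.
FINDINGS = [
    Finding("Unauthenticated crash in control service", likelihood=4,
            category=DOWNTIME, minutes_down=5),
    Finding("Default credentials on records database", likelihood=5,
            category=DISCLOSURE),
    Finding("Unlocked equipment room door", likelihood=3, category=PHYSICAL),
    Finding("Unmonitored single power feed to server room", likelihood=1,
            category=DOWNTIME, minutes_down=480),
]

# Assumed impact-loss definitions: the tower cannot tolerate even one minute of
# downtime; the office can absorb hours but holds sensitive citizen records.
ATC_TOWER = SystemProfile("Air traffic control tower", downtime_tolerance_min=1,
                          disclosure_impact=2, physical_impact=5)
TOWN_OFFICE = SystemProfile("Local government office", downtime_tolerance_min=240,
                            disclosure_impact=5, physical_impact=2)


if __name__ == "__main__":
    for profile in (ATC_TOWER, TOWN_OFFICE):
        print(f"\n{profile.name}")
        for name, score in rank(profile, FINDINGS):
            print(f"  {score:3d}  {name}")
```

Running it ranks the five-minute service crash first for the tower (score 16) but third for the office (score 4), while the default database credentials top the office list (score 25) and sit third for the tower. The likelihood values are identical in both runs; only the impact-loss definition changed, which is the point the assessment must get right before any ranking is meaningful.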


Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.