Vulnerability Assessment

What Does Vulnerability Assessment Mean?

A vulnerability assessment is a risk management process used to identify, quantify and rank possible vulnerabilities to threats in a given system. It is not isolated to a single field and is applied to systems across different industries, such as:

  • IT systems
  • Energy and other utility systems
  • Transportation
  • Communication systems

The key component of a vulnerability assessment is the proper definition for impact loss rating and the system’s vulnerability to that specific threat. Impact loss differs per system. For example, an assessed air traffic control tower may consider a few minutes of downtime as a serious impact loss, while for a local government office, those few minutes of impact loss may be negligible.

Techopedia Explains Vulnerability Assessment

Vulnerability assessments are designed to yield a ranked or prioritized list of a system's vulnerabilities for various kinds of threats. Organizations that use these assessments are aware of security risks and understand they need help identifying and prioritizing potential issues. By understanding their vulnerabilities, an organization can formulate solutions and patches for those vulnerabilities for incorporation with their risk management system.

The perspective of a vulnerability may differ, depending on the system assessed. For example, a utility system, like power and water, may prioritize vulnerabilities to items that could disrupt services or damage facilities, like calamities, tampering and terrorist attacks. However, an information system (IS), like a website with databases, may require an assessment of its vulnerability to hackers and other forms of cyberattack. On the other hand, a data center may require an assessment of both physical and virtual vulnerabilities because it requires security for its physical facility and cyber presence.


Related Terms

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…