Vulnerability Assessment, Which Way To Go?


It helps to understand the following terms before digging into Vulnerability Assessment, or “VA” as it is often called:

Vulnerability:
A flaw or weakness in system security procedures, design, implementation, or internal controls that may result in a security breach or a violation of the system’s security policy.

Control:
Measures taken to prevent, detect, minimize, or eliminate risk, to protect the Integrity, Confidentiality, and Availability of information.

Vulnerability assessment is the process of identifying, quantifying, and prioritising (or ranking) the loopholes in a system.

Why do VA? Vulnerability Assessment is done for the following purposes:

  • Network auditing
  • Provide direction for security controls
  • Can help justify resource expenditure
  • Can provide greater insight into process and architecture compliance checking
  • Continuous monitoring


I think I should quickly leave you with this:

Researching Vulnerability
The Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org) and some other tools will provide CVE numbers that can be used to look up additional vulnerability information from trusted sources such as the US-CERT Vulnerability Notes Database (http://www.kb.cert.org/vuls/) and the National Vulnerability Database (http://nvd.nist.gov).

Oh!!, I almost forgot to tell you about the fix.

Remediation
Vulnerability remediation is the process of fixing vulnerabilities. Pick the issues you want to fix because you may not have enough resources to fix them all at a particular point in time.

Remediation choices

For every vulnerability there are three choices for remediation:

  • Fix – eliminate the vulnerability altogether.
  • Accept – the cost of fixing outweighs the risk.
  • Mitigate – don’t outright fix but use additional layers of security to lessen the risk presented by the vulnerability.

I hope this has helped to educate you a little.
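
To make the prioritising and the three remediation choices concrete, here is a small triage sketch. It is an added example, not part of the original post: the risk formula (severity times asset value), the acceptance threshold, the "defer" label for findings that can be neither fixed nor mitigated this cycle, and the sample findings are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    ident: str            # constructed placeholder ID, not a real CVE
    score: float          # severity on a 0-10 scale (assumed input)
    asset_value: int      # 1 = low .. 3 = critical (assumed weighting)
    fix_cost: int         # effort to fix, in person-days
    has_mitigation: bool  # an additional layer of security is available

    @property
    def risk(self) -> float:
        # Quantify: severity weighted by how much the affected asset matters.
        return self.score * self.asset_value

def triage(findings, budget_days, accept_below=6.0):
    """Rank findings by risk and pick a remediation choice for each."""
    plan = []
    for f in sorted(findings, key=lambda f: f.risk, reverse=True):
        if f.risk < accept_below:
            choice = "accept"        # cost of fixing outweighs the risk
        elif f.fix_cost <= budget_days:
            choice = "fix"           # eliminate it while resources last
            budget_days -= f.fix_cost
        elif f.has_mitigation:
            choice = "mitigate"      # lessen the risk with extra layers
        else:
            choice = "defer"         # assumption: carry over to next cycle
        plan.append((f.ident, choice))
    return plan

# Constructed sample findings for illustration only.
SAMPLE = [
    Finding("VULN-A", 9.8, 3, 5, True),
    Finding("VULN-B", 7.5, 2, 8, True),
    Finding("VULN-C", 5.3, 1, 3, False),
    Finding("VULN-D", 8.1, 2, 4, False),
    Finding("VULN-E", 6.5, 2, 6, False),
]

if __name__ == "__main__":
    for ident, choice in triage(SAMPLE, budget_days=10):
        print(f"{ident}: {choice}")
```

With a budget of 10 person-days, the two highest-risk findings consume the budget, and the rest fall through to mitigation, deferral or acceptance.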

Don’t forget to drop your comments below. Let me drop this pen now and go test some apps.
