What Is A Vulnerability Assessment
A vulnerability assessment is what an organization undertakes when it wants to see whether it has a weakness in its information security, or in other areas of the company, that could lead to a data breach. Such a breach can take the form of pertinent information or financial information that has been stolen or even compromised. Vulnerability assessments are also known as security assessments. These assessments allow the company to see whether it is at risk and, if it is, to improve its risk management process before a tragedy occurs.
Part of improving the risk management process is updating and improving security strategies and company policies. A vulnerability assessment has five steps. Step one is to determine why you feel you need the assessment done.
Step two is to perform a thorough scan of the company’s entire network and all devices that are used in the network. Step three is to identify and confirm every vulnerability. Step four is to determine the urgency and the level of the vulnerabilities that are found. Step five is to prepare a vulnerability report so that a plan of action can start to be implemented.
The Different Types Of Security Assessments
The first type of security assessment is the security operations and program assessment. This type of assessment evaluates the company’s resources and current security program. It can be done at three different levels: the facility level, the organizational level, and the geographic level. The parts of the security operations and program assessment include structure and funding, staffing and training, physical and technical security, and the effectiveness of technologies in relation to security risk.
The next type of assessment is the physical facility and technical security assessment. The first part of this type of assessment is assessing the actual facility. The next step is a vulnerability, risk, and threat profile. This profile is performed on the environment, operations, data used and stored, and any internal risk. The last step in this type of assessment is a perimeter alarm systems check. This check covers the following: fire and life safety alarms, intrusion detection system, emergency plans, mail and package delivery, and closed-circuit television coverage.
The next type of assessment is the risk, threat, and vulnerability assessment. The first part of this assessment is to review all the potential human, accidental, and natural threats. Then the consequences of the possible risks, threats, and vulnerabilities must be taken into consideration, and a plan of action must be developed if one is not already in place. The other areas that this type of assessment focuses on are workforce protection, communications, crisis management, emergency preparedness, and physical and technical security.
The final type of assessment is the extended perimeter security assessment. This type of assessment includes the development of technical survey reports to assist law enforcement and training in the areas of advance planning. The next step of this assessment is to learn how to respond to distance attacks such as a sniper attack.
There are many different aspects of vulnerability assessment, and it is not just technical. The assessment extends to every part of a business. It includes preventing both physical and cyber attacks, and developing plans of action to combat each type of attack. It also includes examining current plans of action: if there is a hole or something missing, the vulnerability assessment contractor helps the company develop a proper plan of action that has no holes or cracks in the system.