A vulnerability assessment is a risk management process used to identify, quantify and rank the vulnerabilities in a given system together with the threats that could exploit them. It is not confined to a single field and is applied to systems across different industries, such as:
• IT systems
• Energy and other utility systems
• Transportation
• Communication systems
The key component of a vulnerability assessment is a proper definition of the impact loss rating for each threat and of the system’s vulnerability to that specific threat. Impact loss differs from system to system: an assessed air traffic control tower may treat a few minutes of downtime as a serious impact loss, while for a local government office the same few minutes may be negligible. The same weakness can therefore rank very differently depending on which system it sits in.
Vulnerability assessments are designed to yield a ranked or prioritized list of a system’s vulnerabilities against the various kinds of threats it faces. Organizations that commission these assessments are aware that they carry security risk and want help identifying and prioritizing the issues behind it. With that prioritized list, an organization can plan fixes and patches for the vulnerabilities found and incorporate the results into its risk management process.
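The following Python script is an added illustration of the ranking described above; it is not part of the original page and does not represent any standard scoring method. The formula (likelihood × impact rating × exposure), the per-system impact rates, the 0 to 10 impact scale and the finding identifiers (ATC-1, OFF-2, and so on) are all assumptions made for the example. Its point is the one the page makes: the same five-minute outage is rated a serious loss for the control tower and a negligible one for the town office, so identical findings land at opposite ends of the prioritized list. A system with no defined impact rating is treated as an assessment gap and rejected rather than silently scored as zero.

```python
"""Rank vulnerability findings by risk, with impact loss rated per system.

Constructed example for illustration; the scoring formula, impact rates
and sample findings are assumptions, not data from any real assessment.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    vuln_id: str          # hypothetical identifier for the finding
    system: str           # which assessed system it affects
    likelihood: float     # 0.0-1.0: chance of exploitation in the assessment window
    downtime_min: float   # expected minutes of outage if exploited
    exposed: bool         # reachable from outside the trust boundary


# Impact loss rating per system: how many impact points one minute of
# downtime costs, capped at MAX_IMPACT. The contrast mirrors the page's
# example: minutes matter for a control tower, barely at all for an office.
IMPACT_PER_MINUTE: Dict[str, float] = {
    "atc_tower": 2.0,     # five minutes already saturates the scale
    "town_office": 0.01,  # a day of outage is needed to reach the cap
}
MAX_IMPACT = 10.0


def impact_rating(f: Finding) -> float:
    """Impact loss on a 0-10 scale, using the rate defined for f.system."""
    if f.system not in IMPACT_PER_MINUTE:
        # An undefined impact rating is a gap in the assessment, not a zero.
        raise ValueError(f"no impact loss rating defined for system {f.system!r}")
    return min(MAX_IMPACT, IMPACT_PER_MINUTE[f.system] * f.downtime_min)


def risk_score(f: Finding) -> float:
    """likelihood x impact x exposure; externally reachable findings count fully."""
    exposure = 1.0 if f.exposed else 0.5
    return round(f.likelihood * impact_rating(f) * exposure, 3)


def rank(findings: List[Finding]) -> List[Finding]:
    """Highest risk first; ties broken by identifier so the order is stable."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))


# Constructed sample findings. ATC-1 and OFF-1 are the "same" five-minute
# outage on two different systems.
SAMPLE_FINDINGS = [
    Finding("ATC-1", "atc_tower", likelihood=0.3, downtime_min=5, exposed=False),
    Finding("OFF-1", "town_office", likelihood=0.9, downtime_min=5, exposed=True),
    Finding("OFF-2", "town_office", likelihood=0.8, downtime_min=1440, exposed=True),
    Finding("ATC-2", "atc_tower", likelihood=0.05, downtime_min=2, exposed=True),
]


def ranked_ids(findings: List[Finding]) -> List[str]:
    return [f.vuln_id for f in rank(findings)]


if __name__ == "__main__":
    for f in rank(SAMPLE_FINDINGS):
        print(f"{f.vuln_id:6} {f.system:12} impact={impact_rating(f):5.2f} "
              f"risk={risk_score(f):6.3f}")
```

Note that OFF-1 has the highest likelihood of the four findings yet ranks last: the prioritization is driven by the per-system impact rating, which is exactly why the page calls its definition the key component of the assessment.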