Introduction to IT Security Vulnerability Assessments
- Jul 29, 2014
- Guest Author
A vulnerability assessment, also known as vulnerability testing, is the practice of detecting, classifying, prioritizing, and remediating security vulnerabilities in IT infrastructure and applications. Regulatory compliance, which commonly requires a documented security process, is a considerable driver for vulnerability assessments. Even if your company is not bound by any regulations, a vulnerability assessment should be a regular activity of every organization’s security policy.
The objectives of a vulnerability assessment include:
The description of specific phases of a vulnerability assessment may differ slightly from provider to provider, however, a vulnerability assessment is typically performed according to the following steps:
A vulnerability assessment can be completed against your network, systems and applications using automated software. You will want the vulnerability scan to be comprehensive. Everything that is connected to your company’s network should be scanned. The tools provide a list of identified vulnerabilities sorted by asset, with vulnerabilities ranked by overall risk and recommendations for remediation.
A vulnerability assessment should be part of a structured approach to addressing security vulnerabilities that may include implementing perimeter defenses such as firewalls, intrusion detection systems and anti-virus/malware scanning software.
To learn more about how to complete a successful vulnerability assessment, download the Best Practices Guide: Vulnerability Assessments.