Lesson 4.5. Identification of vulnerabilities
In this lesson, we will cover understanding the sources where you can identify vulnerabilities.
For risks to materialize, a vulnerability must be present that threat actors can take advantage of. A vulnerability cannot cause harm by itself. There must be a threat present to exploit it and cause associated harm.
These vulnerabilities can include vulnerabilities on your network that are detected by your vulnerability management program, a lack of controls around certain processes, and known control breakdowns or any ineffectiveness in existing controls.
Understanding these allows one to map the vulnerabilities to the threats to the information assets, to give a risk scenario.
ISO 27005 provides a list of example vulnerabilities.
But a simple Google search will give you a lot of options to choose from as well.
There are plenty of freely available sources online.
Vulnerabilities will only become an issue for which controls need to be implemented or improved when there is a threat present that could take advantage of these.
Critical infrastructure vulnerabilities should always be prioritized and remediated in line with your vulnerability management program.
Vulnerabilities can be present on physical assets, in physical controls, in people, and in software or other intangible network components.
So where do you identify your vulnerabilities?
Vulnerabilities can be from your vulnerability assessments and penetration tests.
These would be specific to hardware, software and other network components that the scope of your vulnerability assessment or penetration test covered.
These would generally be identified through some sort of management review process or other internal monitoring where you have noted a control is not operating as intended.
Audit findings that have noted a control breakdown, or a control not performing effectively, or even a control that has been inadequately designed.
Areas where controls haven't yet been implemented. So where you have a planned control implementation, those areas will be vulnerable until the control is successfully implemented.
Personnel can be a vulnerability, either through deliberate actions performed or accidental actions.
Dependencies on sole personnel or external parties can also present a vulnerability.
We went over the sources that could be used to identify vulnerabilities.