Identification of Vulnerabilities

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

ISO 27001:2013 - Information Security Management Systems
Course
Time
7 hours 52 minutes
Difficulty
Intermediate
Video Transcription
00:02
Lesson 4.5. Identification of vulnerabilities
00:09
in this lesson will cover
00:11
understanding the sources where you can identify vulnerabilities
00:21
for risks to materialize. A vulnerability must be present. That thread
00:26
actors can take advantage of
00:28
a vulnerability cannot cause harm by itself.
00:31
There must be a threat prison thio exploited and cause associated home.
00:36
These vulnerabilities can include vulnerabilities on your network that are detected by your vulnerability management program,
00:44
a lack of controls around certain processes and known control breakdowns or any
00:49
effectiveness and existing controls.
00:53
Understanding these allows one to map the vulnerabilities to the threats to the information assets. To give a risk scenario.
01:00
Again,
01:03
I saw a 27,000 and five provides a list of example vulnerabilities.
01:07
But a simple Google search will give you a lot of options to choose from as well.
01:12
There are plenty of freely available sources. Online
01:18
vulnerabilities will only become an issue for which controls need to be implemented or improved when there is a threat present that could take advantage of these
01:27
critical infrastructure. Vulnerabilities should always be prioritized and remediated in line with your vulnerability management program.
01:37
Vulnerabilities can be prison on physical assets
01:40
in physical controls
01:42
in people and in software or other intangible network components.
01:49
So where do you identify your vulnerabilities?
01:53
Vulnerabilities can be from
01:56
your vulnerability assessments and penetration tests.
02:00
Thes would be specific to hardware, software and other network components that thescore ope of your vulnerability assessment or penetration test covered
02:09
control breakdowns.
02:12
Thes would generally be identified through some sort of management review process
02:17
or other internal monitoring
02:20
where you have no today. Control is not operating as intended
02:25
ordered findings that have noted a control breakdown
02:30
or a control not performing effectively,
02:35
or even a control that has been inadequately designed
02:40
areas where controls haven't yet been implemented. So where you have a planned control implementation,
02:47
those areas will be vulnerable until the control is successfully implemented.
02:54
Personal can be a vulnerability,
02:58
either through deliberate actions performed or accidental actions.
03:05
Dependencies on soul, personal or external parties
03:08
can also present a vulnerability.
03:20
In this lesson,
03:21
we went over the sources that could be used to identify vulnerabilities
Up Next
View All
Instructed By
Judy Winn

Judy Winn

CISO at NFA Solutions

Instructor
Similar Content
Kali Linux Fundamentals
Course
Kali Linux Fundamentals
4.12
If you’re interested in penetration testing and ethical hacking, then this Kali Linux course is ...
1CEUs
Application of the MITRE ATT&CK Framework
Course
Application of the MITRE ATT&CK Framework
4.29
This MITRE ATT&CK training is designed to teach students how to apply the matrix to ...
10CEUs
Microsoft Developing Microsoft SQL Server 2012 Databases
Virtual Lab
Microsoft Developing Microsoft SQL Server 2012 Databases
Prove your capabilities as an exceptionally skilled enterprise professional and work hands- on using Microsoft ...