Identification of Vulnerabilities


Time
7 hours 56 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:02
Lesson 4.5. Identification of vulnerabilities
00:09
In this lesson, we'll cover
00:11
understanding the sources where you can identify vulnerabilities
00:21
For risks to materialize, a vulnerability must be present that threat
00:26
actors can take advantage of.
00:28
A vulnerability cannot cause harm by itself.
00:31
There must be a threat present to exploit it and cause associated harm.
00:36
These vulnerabilities can include vulnerabilities on your network that are detected by your vulnerability management program,
00:44
a lack of controls around certain processes, and known control breakdowns or any
00:49
ineffectiveness in existing controls.
00:53
Understanding these allows one to map the vulnerabilities to the threats to the information assets, to give a risk scenario.
01:00
Again,
01:03
ISO 27005 provides a list of example vulnerabilities.
01:07
But a simple Google search will give you a lot of options to choose from as well.
01:12
There are plenty of freely available sources online.
01:18
Vulnerabilities will only become an issue for which controls need to be implemented or improved when there is a threat present that could take advantage of these.
01:27
Critical infrastructure vulnerabilities should always be prioritized and remediated in line with your vulnerability management program.
01:37
Vulnerabilities can be present on physical assets,
01:40
in physical controls,
01:42
in people, and in software or other intangible network components.
01:49
So where do you identify your vulnerabilities?
01:53
Vulnerabilities can be from
01:56
your vulnerability assessments and penetration tests.
02:00
These would be specific to hardware, software and other network components that the scope of your vulnerability assessment or penetration test covered.
02:09
Control breakdowns.
02:12
These would generally be identified through some sort of management review process
02:17
or other internal monitoring
02:20
where you have noted a control is not operating as intended.
02:25
Audit findings that have noted a control breakdown
02:30
or a control not performing effectively,
02:35
or even a control that has been inadequately designed.
02:40
Areas where controls haven't yet been implemented. So where you have a planned control implementation,
02:47
those areas will be vulnerable until the control is successfully implemented.
02:54
Personnel can be a vulnerability,
02:58
either through deliberate actions performed or accidental actions.
03:05
Dependencies on sole personnel or external parties
03:08
can also present a vulnerability.
03:20
In this lesson,
03:21
we went over the sources that could be used to identify vulnerabilities.
Up Next
ISO 27001:2013 - Information Security Management Systems

The ISO 27001:2013 - Information Security Management Systems course provides students with insights into the detail and practical understandings meant by the various clauses in the ISO 27001 Standard.
