Вы находитесь на странице: 1из 2

What is IT Vulnerability Assessment?

Vulnerability Assessments

An IT Vulnerability Assessment is a comprehensive process that looks for, quantifies and ranks any known vulnerabilities in an information technology system. This allows for potential risks to be quickly fixed and future problems avoided. A vulnerability analysis typically involves the scanning of hardware including servers, desktops and laptops and other resources like network applications, websites as well as the security and other configurations associated with the network and all of its assets.

Vulnerabilities are any weaknesses that could potentially compromise the system. Vulnerability assessments are also performed for water supply systems. In these tangible, real-world assessments people are also concerned with integrity and making sure there are no leaks in pipes and plumbing. IT vulnerability assessments for the virtual-world are very similar. The IT network can be thought of as a series of water pipes, carrying information. Leaks in the IT system can cause private information to escape and other undesirable consequences.

IT vulnerabilities can come in many shapes and sizes from incorrect security configurations by the system administrator to bugs in the system that can be exploited or used by external parties to access the system. These issues must be efficiently identified and remedied using proper reconfigurations, patches or other fixes.

Why Are Vulnerability Assessments Important?

In order to keep network assets and resources safe from cyber attacks or infiltration companies and organizations must perform an occasional IT Vulnerability Assessment. These assessments can be executed as needed or occur at regular intervals in order to maximize security and minimize potential exploitation of the system. Many IT systems contain sensitive information and data that must be protected. Malicious virtual attacks can range in severity from mild inconveniences to ones that will shut down the entire infrastructure or result in huge violations of privacy.

Small businesses, large regional infrastructures, Universities and more use vulnerability assessments to protect their networks. Any organization, large or small, that has incorporated an IT network should be concerned with vulnerabilities. Weaknesses in an IT system can result in a variety of different risks depending upon the specific information that is part of the system.

What is Involved in an Assessment?

There are normally four steps in a vulnerability assessment beginning with cataloguing the resources and assets associated with the system - hardware and software. Levels of importance are assigned to the assets in a quantification process and then known threats and vulnerabilities are looked for. This vital step is completed by testing specific ports and other reconnaissance. The reconnaissance does not exploit the weaknesses, but simply tests and identifies the extent of the weakness' presence. Vulnerabilities are quantified and ranked using various risk analysis processes that determine how much of a threat they are to the system.

Once the vulnerabilities are identified accordingly, the final step in an IT vulnerability assessment is eliminating or otherwise mitigating any issues. The ultimate goal is to remove or reduce any weakness that could potentially result in negative consequences. Subsequently, with each vulnerability assessment, the overall security of the system should be improved. Assessments should not impact IT operations under normal circumstances. Operations will only be affected if vulnerability is found that is associated with an extremely high degree of risk. An example would be a poor configuration that has made private information readily available - it needs to be fixed immediately.

For more information regarding Vulnerability Assessment Tool please contact us at our website.