Vulnerability assessment
From Wikipedia, the free encyclopedia
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region).
Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
- Cataloging assets and capabilities (resources) in a system
- Assigning quantifiable value and importance to the resources
- Identifying the vulnerabilities or potential threats to each resource
- Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
"Classical risk analysis is principally concerned with investigating the risks surrounding physical plant (or some other object), its design and operations. Such analyses tend to focus on causes and the direct consequences for the studied object. Vulnerability analysis, on the other hand, focuses both on consequences for the object itself and on primary and secondary consequences for the surrounding environment. It also concerns itself with the possibilities of reducing such consequences and of improving the capacity to manage future incidents." (Lövkvist-Andersen, et. al., 2004)
