Vulnerability assessment
From Wikipedia, the free encyclopedia
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed for include, but are not limited to, nuclear power plants, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Vulnerability assessments can be conducted for small businesses to large regional infrastructures.
Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
- Cataloging assets and capabilities (resources) in a system.
- Assigning quantifiable value (or at least rank order) and importance to those resources
- Identifying the vulnerabilities or potential threats to each resource
- Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
"Classical risk analysis is principally concerned with investigating the risks surrounding physical plant (or some other object), its design and operations. Such analyses tend to focus on causes and the direct consequences for the studied object. Vulnerability analyses, on the other hand, focus both on consequences for the object itself and on primary and secondary consequences for the surrounding environment. It also concerns itself with the possibilities of reducing such consequences and of improving the capacity to manage future incidents." (Lövkvist-Andersen, et al., 2004) In general, a vulnerability analysis serves to "categorize key assets and drive the risk management process." (United States Department of Energy, 2002)1
In the United States, guides providing valuable considerations and templates for completing a vulnerability assessment are available from numerous agencies including the Department of Energy, the Environmental Protection Agency, and the United States Department of Transportation, just to name a few.
[edit] References
US Department of Energy. (2002). Vulnerability Assessment Methodology, Electric Power Infrastructure. [1]