Vulnerability
Information from: Security Survival: A Source Book from the Open Group and Information Technology and Systems Auditing: Second Edition
Weaknesses in the way a system or network is set up, operated, or maintained that may make certain information or processes on that system available to unauthorized people who in turn may use these for malicious purposes.
Business Process
1. Identify what assets must be protected against which threats.
2. Determine the vulnerabilities that can manifest these threats.
3. Estimate the risks of these vulnerabilities being exploited.
4. Where the risks are unacceptable, identify and specify a set of countermeasures to the threats with the aim of reducing the vulnerabilities and associated risks to acceptable levels.
Information Systems
1.  Ineffective computer-based application systems not meeting users' needs.
2.  Inefficient computer operations resulting from not utilizing full hardware and software resources.
3.  Unauthorized access to system resources.
4.  Inability to recover from an attack or other disaster.
5.  Mis-allocation of resources (hardware, software, financial assets).