expand for answer

Vulnerability assessment

Formal description and evaluation of vulnerabilities of an information system. Systematic examination of an IS or product to determine the adequacy of security measures identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.


Similar items:
A process used to identify vulnerabilities, or weaknesses. It can include both technical means, such as vulnerability scans, and nontechnical means, such as an evaluation or inspection of existing data on threats and vulnerabilities. Examination of information to identify the elements comprising a vulnerability. The systematic examination of systems to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures.
[view]
A program used to detect weaknesses within an organization. Vulnerability scans and vulnerability assessments are two common elements of a vulnerability management program. Vulnerability scans are technical scans performed regularly, and vulnerability assessments are normally combined with a risk assessment.
[view]
An examination and analysis of the security safeguards of a system as they have been applied in an operational environment to determine the security posture of the system. Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.
[view]
An independent review and examination of system records and activities that test for the adequacy of system controls, ensure compliance with established policy and operational procedures, and recommend any indicated changes in controls, policy, and procedures. Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
[view]
Process of using formal proofs to demonstrate the consistency between formal specification of a system and formal security policy model (design verification) or between formal specification and its highlevel program implementation (implementation verification).
[view]


There are no comments yet.

Authentication required

You must log in to post a comment.

Log in