Vulnerability Assessment service is the key to success for most organizations irrespective of whether it is Internal and External. Identifying the Vulnerability in an environment with a clear understanding of the Business and Technical risk is the key to success to uphold and review the appropriate security controls.

A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed for include, but are not limited to, nuclear power plants, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Vulnerability assessments can be conducted for small businesses to large regional infrastructures.

Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:

  • Cataloging assets and capabilities (resources) in a system
  • Assigning quantifiable value (or at least rank order) and importance to those resources
  • Identifying the vulnerabilities or potential threats to each resource
  • Mitigating or eliminating the most serious vulnerabilities for the most valuable resources