IT Examiner School, Providence, RI

Vulnerability Assessments

 Require specific skills/knowledge  Audit team tries to find weak points  Tools used simulate a variety of attacks  Results can be used in Penetration Testing for potential exploitation  Catalog assets and capabilities (resources) in a system  Assign quantifiable value and importance to a resource  Identify the vulnerability or potential threat(s) to each resource  Assist in mitigating or eliminating vulnerabilities for key resources

Penetration Testing Penetration Testing “tests” a system to find and exploit known vulnerabilities that an attacker could exploit  Determine if there are weaknesses and ability to access system functionality and data  Are intrusive as actual “attack” tools are used  Require a high degree of skill to perform  Require management’s knowledge & consent  Penetration test reports will generally describe any weaknesses as “high”, “medium” or “low”