Ans.
The Importance Of Vulnerability Assessment
Simply put, a vulnerability assessment lets an organization understand its
security flaws, its overall risk, and which assets are exposed to a
breach. An assessment does not fix anything by itself, but a thorough,
regularly repeated one surfaces the issues that would otherwise go
unattended, so they can be remediated before an attacker finds them
rather than after a surprise incident.
Vulnerability Assessment
- Step 1: Conduct Risk Identification And Analysis
- Step 2: Vulnerability Scanning Policies and Procedures
- Step 3: Identify The Types Of Vulnerability Scans
- Step 4: Configure The Scan
- Step 5: Perform The Scan
- Step 6: Evaluate And Consider Possible Risks
- Step 7: Interpret The Scan Results
- Step 8: Create A Remediation Process And Mitigation Plan
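As an added example (not code from the original page) of steps 5 through 8 carried end to end: the script below takes a constructed scanner export, validates it, weights each finding's CVSS score by the asset's business criticality and internet exposure from the step 1 inventory, assigns a risk tier and remediation deadline, and routes findings on assets that cannot be patched to compensating controls instead of a patch. The host names, finding titles, scores, weights, tier thresholds and SLAs are all assumptions chosen for illustration, not data from the page.

```python
"""Turn raw scan findings into a risk-ranked remediation plan (steps 5-8)."""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample scanner output: hosts, finding titles and CVSS base
# scores are illustrative, not taken from a real scan or advisory.
SCAN_RESULTS_JSON = """
[
  {"host": "web-01", "finding": "Web framework version with known remote code execution", "cvss": 9.8},
  {"host": "web-01", "finding": "TLS service accepts weak cipher suites", "cvss": 5.3},
  {"host": "db-02", "finding": "Database reachable with default credentials", "cvss": 9.1},
  {"host": "infusion-pump-07", "finding": "Embedded OS no longer receives vendor updates", "cvss": 7.5},
  {"host": "kiosk-03", "finding": "Missing operating system security updates", "cvss": 6.5}
]
"""

# Output of step 1 (asset inventory). Criticality is 1 (low) to 3 (high);
# "patchable" is False for assets that must not be modified, such as a
# regulated medical device (assumed classification, for illustration).
ASSETS = {
    "web-01": {"criticality": 3, "internet_facing": True, "patchable": True},
    "db-02": {"criticality": 3, "internet_facing": False, "patchable": True},
    "infusion-pump-07": {"criticality": 3, "internet_facing": False, "patchable": False},
    "kiosk-03": {"criticality": 1, "internet_facing": True, "patchable": True},
}

# Assumed remediation deadlines per risk tier, in days.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Hosts missing from the inventory are scored as if they were critical and
# exposed, so an incomplete asset list does not hide risk.
UNKNOWN_ASSET = {"criticality": 3, "internet_facing": True, "patchable": True}


@dataclass
class PlanItem:
    host: str
    finding: str
    cvss: float
    risk: float
    tier: str
    action: str
    sla_days: int


def parse_scan(raw_json: str) -> list[dict]:
    """Step 7: validate the scanner export before anyone acts on it."""
    rows = json.loads(raw_json)
    for row in rows:
        cvss = float(row["cvss"])
        if not 0.0 <= cvss <= 10.0:
            raise ValueError(f"CVSS out of range for {row['host']}: {cvss}")
        row["cvss"] = cvss
    return rows


def score_risk(cvss: float, asset: dict) -> float:
    """Step 6: weight the technical severity by what the asset is worth
    and whether it is reachable from the internet (1.5x exposure)."""
    exposure = 1.5 if asset["internet_facing"] else 1.0
    return cvss * asset["criticality"] * exposure  # max 10 * 3 * 1.5 = 45


def tier_for(risk: float) -> str:
    """Map a weighted risk score to a tier (thresholds are assumptions)."""
    if risk >= 27:
        return "critical"
    if risk >= 15:
        return "high"
    if risk >= 7:
        return "medium"
    return "low"


def build_plan(raw_json: str, assets: dict) -> list[PlanItem]:
    """Step 8: rank findings and assign an action and deadline to each."""
    plan = []
    for row in parse_scan(raw_json):
        asset = assets.get(row["host"], UNKNOWN_ASSET)
        risk = score_risk(row["cvss"], asset)
        tier = tier_for(risk)
        if asset["patchable"]:
            action = "patch or reconfigure, then rescan to confirm"
        else:
            # Unpatchable asset: reduce exposure instead of modifying it.
            action = "compensating control: segment, restrict access, monitor; escalate to vendor"
        plan.append(PlanItem(row["host"], row["finding"], row["cvss"],
                             round(risk, 1), tier, action, SLA_DAYS[tier]))
    plan.sort(key=lambda p: p.risk, reverse=True)
    return plan


if __name__ == "__main__":
    for item in build_plan(SCAN_RESULTS_JSON, ASSETS):
        print(f"{item.tier:8} risk={item.risk:5} due in {item.sla_days:3}d  "
              f"{item.host}: {item.finding} -> {item.action}")
```

The scoring scheme is deliberately simple: the point is that the CVSS base score alone is not the priority order. A medium-severity finding on an internet-facing production system outranks a high-severity one on an isolated kiosk, and the inventory, not the scanner, is what tells you which is which. A real program would fold in exploit availability and whether a fix exists, and would track the rescan that closes each item.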
A statistical correlation between the observed ground motion and
the damage to the residential buildings is derived for overall
damaged buildings and expressed as the vulnerability
function. The loss function is calculated
by combining the seismic hazard with the vulnerability
function.
The study of vulnerability and annual seismic hazard shows that
the specific annual risk for the range of motion of 0.18 to 0.5 g
is equal to 0.02. This indicates that the specific risk for
semi-engineered residential buildings with a lifetime of 20 years
is about 33%. This study also shows that in large cities, such as
Tehran, located in seismic areas, the extent of damage according to
the vulnerability function will be 45 and 70% for expected maximum
accelerations of 0.3 and 0.4 g, respectively.
Here are a few common reasons we hear from across the industry
regarding why vulnerability management is so difficult:
- Limited time and resources. Patching is time-consuming and expensive for
most companies. Almost every company I know struggles to find the time or
staff to test and apply the patches. Because cybersecurity professionals
often have to fight for their budgets in the first place, it can be
difficult to make the case for the extra resources needed to ensure all
your software vulnerabilities are addressed.
- The time to test patches. When possible, organizations should
test patches on an isolated system to determine if there are any
unforeseen or unwanted side effects. But, for most companies,
testing patches before deployment is a luxury. Most businesses
don’t have test environments to observe whether a patch will have a
negative impact on production, and thus, they hesitate to patch,
fearing that critical systems may be negatively impacted.
- Patching doesn't scale easily. Due to the complexity of some systems,
installing a patch or collection of patches can be a major undertaking.
Many patches require that a system be rebooted, leading to downtime on
systems with high availability requirements. For larger companies, the
problem is multiplied when they lack the tooling to automate the process
across large numbers of endpoints and servers.
- Some systems can't be patched. In healthcare in particular, medical
devices are supported only by the manufacturer and are regulated by the
FDA, so applying a change the vendor has not validated can void support
or trigger regulatory re-validation. As a result, companies are often
forced to take a hands-off approach to this class of assets, leaving them
exposed to attackers.