Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)
      9  5.7  Risk Identification

Previous Topic/Section
5.7.3  Threat Identification
Previous Page
Pages in Current Topic/Section
1
Next Page
5.8  Education
Next Topic/Section

5.7.4  Vulnerabilities

NIST states, “Vulnerability analysis is an assessment to determine whether vulnerabilities identified during the evaluation of the construction and anticipated operation of the TOE (Target Of Evaluation) or by other methods (e.g. by flaw hypotheses) could allow users to violate the TSP (TOE Security Policy)”461.

Vulnerabilities are weaknesses in the computer/network hardware or software used on the network, which can be taken advantage of.

These would include things like systems relying on inadequate or non-existent passwords, software bugs allowing for buffer overflow exploits, networks that can be “sniffed” for confidential data, etc. The previous chapters have gone into great detail as to types of vulnerabilities that exist, and why they exist, so we don’t have to repeat that information here.

Risks, Threats and Vulnerabilities

A risk = threat X vulnerability X cost of the event occurring

A threat is a probability of causing harm. It is a combination of capability, opportunity and intent.

A vulnerability is a weakness in computer hardware and software.



 __________________

461. http://www.niap.nist.gov/tools/CCTB60f-Documentation/CCManual/CCCOVER.HTM

Previous Topic/Section
5.7.3  Threat Identification
Previous Page
Pages in Current Topic/Section
1
Next Page
5.8  Education
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.