Security Vulnerability & Risk Assessments
Vulnerabilities are weak links in the security network. Information, energy, and communication systems, as well as people, infrastructure and assets, are all vulnerable to threat. Risk analysis is about investigating risk, understanding its impact and finding ways around it. This would require a study around the cause and consequences of the threat to the priced asset, be it a person, property, merchandise, or information. Vulnerability assessment concerns itself with reducing consequences related to the risk, thereby improving future impacts.
State of the art methods of risk and vulnerability assessment involve cataloging of a system's assets and resources along with a rank order of importance to evaluate the value of these assets. Subsequently a detailed evaluation of potential threats that could damage these resources is performed. An ideal plan for security can then be established by eliminating the most serious vulnerabilities for the most valuable resources. This allows appropriate allocation of investment towards the most priced assets. The complexity of interactions involved here are tremendous, hence we use flow charts and diagrams to depict different systems that could interact to generate risk; and then suggest ways to mitigate them.