The method of identifying, quantifying and prioritizing the vulnerabilities in a system according to type is known as vulnerability assessment. Vulnerability assessments are performed for a variety of systems including nuclear power plants, energy supply systems, transportation systems and communication systems, among many others. They can be conducted for a large range of systems, from small businesses to very large intercontinental infrastructures, and in political, economic, environmental as well as social fields.

The process of identifying hazards and threats and evaluating their potential consequences in a system is known as security vulnerability assessment. It includes detailed analysis of high risk situations, characterization of threats, and development of effective measures to reduce the risk involved in integrating security into the overall process of a safety management system. Analysis is done for potential threats against public facilities as well as potential highly explosive and risky events for government and military installations.

Network vulnerability assessment involves several steps in order to identify whether a host is actually vulnerable to an attack or whether it has been patched. First of all, all the hosts on the network are found and identified. Then, their operating systems are fingerprinted, and open ports on the system are detected. The ports are then mapped to various network services. Next, the versions of the running services are detected. And finally, all the service versions are mapped to the various discovered security vulnerabilities, which eventually lets us find out whether the host is actually vulnerable to any attacks.
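The final step of the network assessment described above (mapping detected service versions to known vulnerabilities to decide whether a host is vulnerable or patched) can be sketched as follows. This is an added example, not part of the original text; the hosts, product names, versions and advisory identifiers are constructed placeholders, and the advisory format (first affected version, first fixed version) is an assumption.

```python
import re

# Constructed output of the earlier steps (discovery, port and version detection):
# host -> port -> (service, detected version or None). Hypothetical products.
INVENTORY = {
    "192.0.2.5": {21: ("exampleftpd", "2.3.4"), 80: ("examplehttpd", "1.18.0")},
    "192.0.2.9": {21: ("exampleftpd", "2.3.10"), 22: ("examplesshd", None)},
}

# Constructed advisory feed: product -> (advisory id, first affected, first fixed).
# The ids are placeholders, not real advisories.
ADVISORIES = {
    "exampleftpd": [("EXAMPLE-ADV-001", "2.0.0", "2.3.5")],
    "examplehttpd": [("EXAMPLE-ADV-002", "1.0.0", "1.16.1"),
                     ("EXAMPLE-ADV-003", "1.17.0", "1.18.1")],
}


def parse_version(text):
    """Turn '2.3.10' into (2, 3, 10) so that 2.3.10 sorts after 2.3.5."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def assess(inventory, advisories):
    """Return (host, port, service, version, status, advisory ids) rows."""
    findings = []
    for host, ports in sorted(inventory.items()):
        for port, (service, version) in sorted(ports.items()):
            if version is None:
                # Version detection failed: never report this as patched.
                findings.append((host, port, service, version, "unknown", []))
                continue
            v = parse_version(version)
            hits = [adv for adv, affected, fixed in advisories.get(service, [])
                    if parse_version(affected) <= v < parse_version(fixed)]
            status = "vulnerable" if hits else "not affected"
            findings.append((host, port, service, version, status, hits))
    return findings


if __name__ == "__main__":
    for row in assess(INVENTORY, ADVISORIES):
        print(row)
```

Comparing versions as integer tuples matters here: as plain strings, "2.3.10" would sort before "2.3.5" and the patched host would be reported as vulnerable.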