ABSTRACT
In simple terms, vulnerabilities are opportunities. More precisely, vulnerabilities are weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. Vulnerabilities include structural, procedural, electronic, human, and other elements which provide opportunities to attack assets. Vulnerabilities can be categorized as physical, technical, or operational. A vulnerability assessment is a systematic approach used to assess a facility’s security posture and analyze the effectiveness of the existing security program at the facility. The basic process of a vulnerability assessment first determines what assets are in need of protection by the facility’s security program, and then identifies the protection measures already in place to secure those assets and what gaps in protection exist. The scope of a vulnerability assessment depends on the goal of the security team. An important quality for the vulnerability assessment team is the ability to think like an adversary.
