Vulnerability is flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
Notice that the vulnerability can be a flaw or weakness in any aspect of the system. Vulnerabilities are not merely flaws in the technical protections provided by the system. Significant vulnerabilities are often contained in the standard operating procedures that systems administrators perform, the process that the help desk uses to reset passwords or inadequate log review. Another area where vulnerabilities may be identified is at the policy level. For instance, a lack of a clearly defined security testing policy may be directly responsible for the lack of vulnerability scanning.
Here are a few examples of vulnerabilities related to contingency planning/ disaster recovery:
• Inadequate information system recovery procedures, for all processing areas (including networks)
• Not having alternate processing or storage sites
• Not having alternate communication services
• Not having clearly defined contingency directives and procedures
• Lack of a clearly defined, tested contingency plan • The absence of adequate formal contingency training • Lack of information (data and operating system) backups
No comments:
Post a Comment