This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Vulnerability assessment" – news · newspapers · books · scholar · JSTOR(July 2013) (Learn how and when to remove this message)
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Such assessments may be conducted on behalf of a range of different organizations, from small businesses up to large regional infrastructures. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to infrastructure.
It may be conducted in the political, social, economic or environmental fields.
Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
Cataloging assets and capabilities (resources) in a system.
Assigning quantifiable value (or at least rank order) and importance to those resources
Identifying the vulnerabilities or potential threats to each resource
Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
"Classical risk analysis is principally concerned with investigating the risks surrounding a plant (or some other object), its design and operations. Such analysis tends to focus on causes and the direct consequences for the studied object. Vulnerability analysis, on the other hand, focuses both on consequences for the object itself and on primary and secondary consequences for the surrounding environment. It also concerns itself with the possibilities of reducing such consequences and of improving the capacity to manage future incidents." (Lövkvist-Andersen, et al., 2004)[1] In general, a vulnerability analysis serves to "categorize key assets and drive the risk management process." (United States Department of Energy, 2002).[2]
In the United States, guides providing valuable considerations and templates for completing a vulnerability assessment are available from numerous agencies including the Department of Energy, the Environmental Protection Agency, and the United States Department of Transportation.
Several academic research papers including Turner et al. (2003),[3] Ford and Smith (2004),[4] Adger (2006),[5] Fraser (2007)[6] and Patt et al. (2010)[7] amongst others, have provided a detail review of the diverse epistemologies and methodologies in vulnerability research. Turner et al. (2003)[3] for example proposed a framework that illustrates the complexity and interactions involved in vulnerability analysis, draws attention to the array of factors and linkages that potentially affects the vulnerability of a couple of human–environment systems. The framework makes use of nested flowcharts to show how social and environmental forces interact to create situations vulnerable to sudden changes. Ford and Smith (2004), propose an analytical framework, based on research with Canadian arctic communities. They suggest that, the first stage is to assess current vulnerability by documenting exposures and current adaptive strategies. This should be followed by a second stage that estimates directional changes in those current risk factors and characterizes the community's future adaptive capacity. Ford and Smith's (2004) framework utilizes historic information including how communities have experienced and addressed climatic hazards, with information on what conditions are likely to change, and what constraints and opportunities there are for future adaptation.
^Lövkvist-Andersen, et al., 2004 https://www.researchgate.net/publication/242256695_Modelling_Society's_Capacity_to_Manage_Extraordinary_Events_Developing_a_Generic_Design_Basis_GDB_Model_for_Extraordinary_Societal_Events_using_Computer-Aided_Morphological_Analysis
^US Department of Energy. (2002). Vulnerability Assessment Methodology, Electric Power Infrastructure. [1]
^ abTurner, B. L.; Kasperson, R. E.; Matson, P. A.; McCarthy, J. J.; Corell, R. W.; Christensen, L.; Eckley, N.; Kasperson, J. X.; Luers, A.; Martello, M. L.; Polsky, C.; Pulsipher, A.; Schiller, A. (5 June 2003). "Science and Technology for Sustainable Development Special Feature: A framework for vulnerability analysis in sustainability science". Proceedings of the National Academy of Sciences. 100 (14): 8074–8079. Bibcode:2003PNAS..100.8074T. doi:10.1073/pnas.1231335100. PMC 166184. PMID 12792023.
^Ford, James D.; Barry Smit (Dec 2004). "A Framework for Assessing the Vulnerability of Communities in the Canadian Arctic to Risks Associated with Climate Change". Arctic. 57 (4): 389–400. doi:10.14430/arctic516. hdl:10535/3095. JSTOR 40512642.
^Adger, W. Neil (August 2006). "Vulnerability". Global Environmental Change. 16 (3): 268–281. doi:10.1016/j.gloenvcha.2006.02.006.
^Fraser, Evan D. G. (August 2008). "Travelling in antique lands: using past famines to develop an adaptability/resilience framework to identify food systems vulnerable to climate change". Climatic Change. 83 (4): 495–514. doi:10.1007/s10584-007-9240-9. S2CID 154404797.
^Patt, Anthony; Dagmar Schröter; Richard Klein; Anne Cristina de la Vega-Leinert (2010). Assessing vulnerability to global environmental change : making research useful for adaptation decision making and policy (1st paperback ed.). London: Earthscan. ISBN 9781849711548.
and 25 Related for: Vulnerability assessment information
A vulnerabilityassessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems...
Satellite Vulnerability Survivability/Lethality Analysis – US Army RESIST RESIST VulnerabilityAssessment Code Top Computer Vulnerabilities United Nations...
thought to vulnerable. For example, the Vulnerability Sourcebook is a guide for practical and scientific knowledge on vulnerabilityassessment. Climate...
several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Management products are free software...
The Sixth Assessment Report (AR6) of the United Nations (UN) Intergovernmental Panel on Climate Change (IPCC) is the sixth in a series of reports which...
windows accounts). VulnerabilityAssessment - This uses discovery and vulnerability scanning to identify security vulnerabilities and places the findings...
specialized in missile electronic warfare, vulnerability, and surveillance. It was responsible for assessing the vulnerability of Army weapons and electronic communication...
the vulnerability using Facebook's bug bounty program but the student was misunderstood by Facebook's engineers. Later he exploited the vulnerability using...
International Conference on Detection of Intrusions and Malware, and VulnerabilityAssessment (DIMVA), held in July 2014, issued a report condemning this as...
Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available...
vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with vulnerabilityassessment. Vulnerabilities...
is not to be confused with a vulnerabilityassessment. The test is performed to identify weaknesses (or vulnerabilities), including the potential for...
(CRISTAL). Food industry stakeholders can perform a vulnerabilityassessment to understand the vulnerabilities of their system, the consequences of an event...
bought supply chain software company Wavelink in 2012, network vulnerabilityassessment and patch management company Shavlik in 2013, application software...
associated vulnerability exceeds the expectation of loss." Benoit Mandelbrot distinguished between "mild" and "wild" risk and argued that risk assessment and...
involves performing vulnerabilityassessments or penetration tests against the database. Testers attempt to find security vulnerabilities that could be used...
In its broadest sense, social vulnerability is one dimension of vulnerability to multiple stressors and shocks, including abuse, social exclusion and...
technology (such as antivirus, host intrusion prevention, and vulnerabilityassessment), user or system authentication and network security enforcement...
to design, develop, and deploy secure software through a flexible self-assessment model. SAMM supports the complete software lifecycle and is technology...
seminar, vulnerability indexes were established as governance tools. However, despite existing vulnerabilityassessment methodologies, vulnerability assessments...
acquired Pedestal Software, a software company that specializes in vulnerabilityassessment tools (SecurityExpressions and AuditExpress). February 2007 - Altiris...
network analysis, from stress tests to sniffing, also including vulnerabilityassessment, computer forensic analysis and exploitation. Part of the power...
result The vulnerability test results Risk assessment results including identified assets, threats, vulnerabilities, impact and likelihood assessment, and the...
Best Vulnerability Management Solution in its 2020 Trust Awards. Qualys received 2019 Gartner Peer Insights Customers' Choice Award for Vulnerability Assessment...