A system (technologically speaking) – is a collection of components that work together to create the whole.
For example your computer is a system that includes a processor, hard disk, and graphics card as components. When you connect two or more computers together, you create a computer network system. Connect enough networks together so they can talk to each other, and you’ll eventually get the internet.
Your Information Technology (IT) person or department – is usually tasked with keeping your computer systems operating at peak efficiency. Part of this objective is achieved by properly securing your computer systems so they cannot be modified in a harmful way (whether malicious or accidental) – or to prevent your sensitive data from being exposed (such as your private information).
What is a system vulnerability assessment?
“If vulnerabilities are the entry points, attack vectors are the ways attackers can launch their assaults” McAfee Labs
Every technology system is vulnerable to some form of attack or exploit – which in security parlance is called a threat or attack vector. A threat vector can be as simple as breaking a machine with a baseball bat, or as sophisticated as using complex software and social engineering to break into the most secure systems.
Therefore in order to secure your system, you need to answer some questions:
- What security vulnerabilities exist within my system?
- What attack vectors allow someone to exploit that vulnerability?
- How easy is it to exploit this vulnerability?
- What level of risk does this pose to my business if the vulnerability is exposed?
These are the questions that get answered when you run a system vulnerability assessment.
System Vulnerability Assessments should be run annually at a minimum. Larger organizations can benefit from quarterly or even monthly assessments depending on the sensitivity of information within their control.
Why? Because technology keeps changing all the time. From regular software updates and computer upgrades, to people coming and going from the organization for any number of reasons. Every change to the system can create a new vulnerability somewhere – therefore these risks need to be known as soon as possible.
Running a System Vulnerability Assessment Program:
There are several components to a system vulnerability assessment that can be included in an overall assessment program. Depending on the security needs of your organization, these can be almost infinitely fine-tuned according to your requirements.
- System Vulnerability Scanning
- Web Application Security
- Computer Security
- Network Security
- Business Security