This is the process of identification, quantification and prioritization of vulnerabilities in a computer system.
The activity involves the following phases:
- Identification of resources (hardware/software) in the system;
- Identification of vulnerabilities and potential risks for the resources;
- Classification of vulnerabilities identified in terms of impacts on security and likelihood of violation;
- Identification of available countermeasures;
Vulnerability assessment can be performed by the personnel within the organisation (internal staff) or by professionals outside the organisation (third party).
During vulnerability assessments, standard methodologies are used, such as:
- ISECOM: network systems, SCADA protocols, biometrics, strong authentication, wireless systems
- OWASP:Web-based applications
The approach used is Ethical Hacking.
Checking for risk situations not properly managed within the information system.
Whenever it is necessary to prove effectiveness of the security measures in force within the information systems.
E.g. in the banking context, the existing legislation requires, at set time intervals, the regular performing of vulnerability assessments carried out by third parties.
Show.it has a long-time experience in performing vulnerability assessments in the banking, public administration and industrial field.