Glossary

Vulnerability Assessment
  1. A review of the susceptibility to loss or unauthorized use of resources, errors in reports and information, illegal or unethical acts, and/or adverse or unfavorable public opinion. (A-123)
  2. A measurement of vulnerability which would include:
     a. The susceptibility of a particular system to a specific attack.
     b. The opportunity available to a threat agent (methods or things which may be used to exploit a vulnerability (such as fire)) to mount that attack.
     A vulnerability is always demonstrable but may exist independently of a known threat. In general, a description of a vulnerability takes account of those factors under friendly control. (AR 380-380)
  3. A review of the susceptibility to loss or unauthorized use of resources, errors in reports and information, illegal or unethical acts, and adverse or unfavorable public opinion. Vulnerability assessments do not identify weaknesses or result in improvements. They are the mechanism with which an organization can determine quickly the potential for losses in its different programs or functions. The schedule of internal control reviews should be based on the results of the vulnerability assessments. (DODD 7040.6)
  4. The systematic examination of telecommunications to determine the adequacy of COMSEC measures, to identify COMSEC deficiencies, to provide data from which to predict the effectiveness of proposed COMSEC measures, and to confirm the adequacy of such measures after implementation. (NCSC-9)
  5. A measurement of vulnerability which includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack. (NCSC-TG-004-88)