Read the book Risk Assessment - Marvin Rausand - Page 121
Definition 2.36 (Vulnerability)
A weakness of an asset or control that can be exploited by one or more threat actors.
A vulnerability is a characteristic or state of the asset that allows a threat actor to carry out a successful attack. The weakness may have been introduced during design, installation, operation, or maintenance.
Vulnerability refers to the security flaws in a system that allow an attack to be successful. These weaknesses may be categorized as physical, technical, operational, and organizational. A vulnerability in security terms can be, for example, an unlocked door, allowing unauthorized people to access a computer that is not protected by a password. We can see that a vulnerability in many respects can be compared to what we would call “lack of” or “weak” barriers when we are talking about risk.
Vulnerability is also used in relation to safety, but then more as an opposite to resilience (see next section). Security and security assessment are discussed in more detail in Chapter 17.