C.vulnerability Assessment

Uploaded by

sairamkesanapalli

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

13 views7 pages

C.vulnerability Assessment

Uploaded by

sairamkesanapalli

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 7

Module 4: Security Operations

Vulnerability Assessment

Indian Institute of Information Technology Dharwad

Ittigatti Road, Near Sattur Colony, Dharwad 580009
Why is vulnerability assessment important?
● Vulnerability assessment is critically important for organizations seeking to
fortify their cybersecurity defenses so that risks can be mitigated before they
are exploited by malicious actors.
● Beyond risk management, vulnerability assessments also play a pivotal role in
regulatory compliance, helping organizations adhere to industry standards and
data protection regulations.
● Ultimately, vulnerability assessments are instrumental in enhancing overall
security posture, ensuring resilience against emerging cyber threats, and
maintaining trust with customers and stakeholders alike.

2
2 of 26
Vulnerability and Vulnerability Assessment
• Vulnerability: Vulnerability is a weakness in a system that can be exploited by an attacker to deliver an
attack to potentially compromise the confidentiality, integrity, or availability of data or resources.
• Vulnerability Assessment: Vulnerability assessment is the process of identifying security weaknesses
in a system. It evaluates the severity of the vulnerabilities that the system is susceptible to and suggests
ways to mitigate them.

3
3 of 26
Types of Vulnerability Assessments
● Network Vulnerability Assessment: Focuses on identifying vulnerabilities within network
infrastructure, such as routers, switches, firewalls, and other network devices.
● Host-Based Vulnerability Assessment: Concentrates on individual systems (hosts) within the network
and identifies vulnerabilities in operating systems, applications, etc.
● Web Application Vulnerability Assessment: Specifically targets vulnerabilities within web applications
and their underlying components.
● Database Vulnerability Assessment: Focuses on identifying vulnerabilities within databases and their
management systems (DBMS).

Network Host-Based Web App Database

VA VA VA VA
4
4 of 26
Types of Vulnerability Assessments
● Wireless Network Vulnerability Assessment: Assesses vulnerabilities in wireless networks, including
Wi-Fi networks and Bluetooth connections.
● Cloud-Based Vulnerability Assessment: Evaluates vulnerabilities within cloud infrastructure and
services hosted on platforms like AWS, Azure, or Google Cloud.
● Physical Security Vulnerability Assessment: Assesses physical security measures such as access
controls, surveillance systems, and environmental controls and identifies vulnerabilities in physical
infrastructure.

Wireless Cloud-Based Physical

Network VA Security VA
VA 5
5 of 26
Case Study: NASA Jet Propulsion Laboratory (JPL) Cybersecurity
Incident (2018)
• Background: NASA's Jet Propulsion Laboratory (JPL) experienced a cybersecurity
incident in 2018 that compromised sensitive information related to Mars exploration
missions.
• Cause and Vulnerability Assessment: The attack exploited weaknesses in JPL's network
defenses, possibly through phishing attacks or unauthorized access to IT systems.
Vulnerability assessments and security audits conducted post-incident identified gaps in
network segmentation, outdated software, and inadequate access controls.
• Response and Remediation: JPL responded by initiating a thorough investigation to assess
the extent of the breach and identify vulnerabilities exploited by attackers. Vulnerability
assessments were integrated into JPL's cybersecurity strategy to prioritize remediation
efforts and strengthen defenses.

6
6 of 26
Quiz
1. What is a vulnerability assessment?
2. Which of the following is NOT a type of vulnerability assessment?
A) Network-based assessment
B) Host-based assessment
C) Database assessment
D) Marketing assessment
3. Why is vulnerability assessment important?
4. During a vulnerability assessment, which of the following vulnerabilities might be identified?
A) Unpatched software
B) Strong password policies
C) Well-configured firewalls
D) Efficient data backup processes
5. How often should vulnerability assessments be conducted?

7
7 of 26

? Vulnerability Assessment
No ratings yet
? Vulnerability Assessment
2 pages
02 Comprehensive Vulnerability Assessment and Security Scanning
No ratings yet
02 Comprehensive Vulnerability Assessment and Security Scanning
126 pages
CSD4001-Study Material-Midterm
No ratings yet
CSD4001-Study Material-Midterm
63 pages
01 Vulnerability Analysis
No ratings yet
01 Vulnerability Analysis
94 pages
Day 3
No ratings yet
Day 3
33 pages
VAPT Basic - 1
No ratings yet
VAPT Basic - 1
7 pages
Unit 1
No ratings yet
Unit 1
43 pages
VAPT: Enhancing Cybersecurity
No ratings yet
VAPT: Enhancing Cybersecurity
15 pages
3 Vulnerability Assessment Securing Your Digital Assets
No ratings yet
3 Vulnerability Assessment Securing Your Digital Assets
11 pages
ISACA WP Vulnerability Assessment 1117
100% (2)
ISACA WP Vulnerability Assessment 1117
17 pages
How To VA Step-By-step
No ratings yet
How To VA Step-By-step
18 pages
Vulnerability Management - Cyber Security
No ratings yet
Vulnerability Management - Cyber Security
42 pages
Chapter 5 Vulnerability Analysis
No ratings yet
Chapter 5 Vulnerability Analysis
25 pages
Unit No. 2 Part 2 Vulnerabiltity Assessment
No ratings yet
Unit No. 2 Part 2 Vulnerabiltity Assessment
17 pages
Vulnerability Assessment and Penetration Testing
No ratings yet
Vulnerability Assessment and Penetration Testing
25 pages
Vulnerability Assessment Guide
No ratings yet
Vulnerability Assessment Guide
17 pages
M2 T4
No ratings yet
M2 T4
12 pages
Rapid7 Vulnerability Assessment Buyers Guide
No ratings yet
Rapid7 Vulnerability Assessment Buyers Guide
17 pages
Vulnerability Testing and Server Client Side Attack
No ratings yet
Vulnerability Testing and Server Client Side Attack
34 pages
Unit 2 Question Answer
No ratings yet
Unit 2 Question Answer
8 pages
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
No ratings yet
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
4 pages
Pen Testing
No ratings yet
Pen Testing
65 pages
Module 2 Assignment 2 Network Vulnerability B
No ratings yet
Module 2 Assignment 2 Network Vulnerability B
9 pages
Web Application Security - Unit 4 Notes
No ratings yet
Web Application Security - Unit 4 Notes
143 pages
Vulnerability Analysis
No ratings yet
Vulnerability Analysis
15 pages
Day2va 121130175145 Phpapp01
No ratings yet
Day2va 121130175145 Phpapp01
24 pages
Vulnerability Analysis
No ratings yet
Vulnerability Analysis
4 pages
Vulnerability Assessment Using Nessus Essentials
No ratings yet
Vulnerability Assessment Using Nessus Essentials
24 pages
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
No ratings yet
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
3 pages
Exploring Vulnerability Assessments and Penetration Testing For Robust Cybersecurity
No ratings yet
Exploring Vulnerability Assessments and Penetration Testing For Robust Cybersecurity
3 pages
Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing
No ratings yet
Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing
5 pages
2.MICRO SYLLABUS - PAVT.v3 (VR20)
No ratings yet
2.MICRO SYLLABUS - PAVT.v3 (VR20)
3 pages
Sy0-701 Lesson 08 Vulnerability Management
No ratings yet
Sy0-701 Lesson 08 Vulnerability Management
34 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
2 pages
Unit - II Cyber Security
No ratings yet
Unit - II Cyber Security
40 pages
Information Security Transformation-Nahil Mahmood-Lecture 117
No ratings yet
Information Security Transformation-Nahil Mahmood-Lecture 117
7 pages
Mse (Vapt)
No ratings yet
Mse (Vapt)
15 pages
Types of Vulnerability Assessments
No ratings yet
Types of Vulnerability Assessments
15 pages
Vulnerability Assessment & Testing Guide
No ratings yet
Vulnerability Assessment & Testing Guide
43 pages
Chap 5 - CEH Course 2024
No ratings yet
Chap 5 - CEH Course 2024
24 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
4 pages
What Is Vulnerability Management
No ratings yet
What Is Vulnerability Management
15 pages
9781845645625002FU1
No ratings yet
9781845645625002FU1
16 pages
Vulnerability Assessment Best Practices
No ratings yet
Vulnerability Assessment Best Practices
25 pages
CSE DAY 4 Module 5
No ratings yet
CSE DAY 4 Module 5
7 pages
Introduction To Vulnerability Checking
No ratings yet
Introduction To Vulnerability Checking
8 pages
Vulnerability Assessment and Penetration Testing: January 2012
No ratings yet
Vulnerability Assessment and Penetration Testing: January 2012
5 pages
Module 3 P
No ratings yet
Module 3 P
56 pages
Shinde2016 (Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing)
No ratings yet
Shinde2016 (Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing)
5 pages
Vol 7 Issue 8 M 03
No ratings yet
Vol 7 Issue 8 M 03
10 pages
Lec 3
No ratings yet
Lec 3
51 pages
Chapter 10
No ratings yet
Chapter 10
54 pages
CEHv10 Module 05 Vulnerability Analysis PDF
No ratings yet
CEHv10 Module 05 Vulnerability Analysis PDF
55 pages
Adversarial Vulnerabililty Assessments
No ratings yet
Adversarial Vulnerabililty Assessments
2 pages
Module 117
No ratings yet
Module 117
7 pages
Vulnerability Assessment Report: © Vista Infosec
No ratings yet
Vulnerability Assessment Report: © Vista Infosec
14 pages
SD-WAN Threat Landscape
No ratings yet
SD-WAN Threat Landscape
24 pages
IT8761-SECURITY LABORATORY-590519304-IT8761 Security Labmanual
No ratings yet
IT8761-SECURITY LABORATORY-590519304-IT8761 Security Labmanual
46 pages
McBrine Daniel Week4
No ratings yet
McBrine Daniel Week4
3 pages
Cs 503 C Cyber Security Jun 2020
No ratings yet
Cs 503 C Cyber Security Jun 2020
4 pages
Oracle Consulting & Advanced Customer Services Security Practices
No ratings yet
Oracle Consulting & Advanced Customer Services Security Practices
4 pages
Developer: Acunetix Security Audit
No ratings yet
Developer: Acunetix Security Audit
11 pages
What Is Dynamic Application Security Testing (DAST) and How Does It Work - Black Duck
No ratings yet
What Is Dynamic Application Security Testing (DAST) and How Does It Work - Black Duck
11 pages
Chapter 7 Operating System Security
No ratings yet
Chapter 7 Operating System Security
5 pages
USEFUL WEBSITES FOR PENTESTERS & HACKERS WPS Office
No ratings yet
USEFUL WEBSITES FOR PENTESTERS & HACKERS WPS Office
3 pages
Final Cns Merged
No ratings yet
Final Cns Merged
60 pages
Orange Pentest Service
No ratings yet
Orange Pentest Service
2 pages
Gmail - Let A Stronger Password Protect Your Accounts
No ratings yet
Gmail - Let A Stronger Password Protect Your Accounts
3 pages
Chapter2 - Account Management
No ratings yet
Chapter2 - Account Management
11 pages
CC Dumps
No ratings yet
CC Dumps
8 pages
IBM Verify Fundamentals Level 2-Quiz
No ratings yet
IBM Verify Fundamentals Level 2-Quiz
16 pages
Cybersecurity Assessment Questionnaires
No ratings yet
Cybersecurity Assessment Questionnaires
4 pages
Mid Semester Examination - Scheme of Evaluation: Vi - Semester B.Tech (Data Science and Engineering)
No ratings yet
Mid Semester Examination - Scheme of Evaluation: Vi - Semester B.Tech (Data Science and Engineering)
13 pages
An Improved Authentication Scheme For Mobile Satellite Communication Systems
No ratings yet
An Improved Authentication Scheme For Mobile Satellite Communication Systems
12 pages
Assignment 1
No ratings yet
Assignment 1
3 pages
IT Patch Management Guide
No ratings yet
IT Patch Management Guide
6 pages
Cyber Security Seminar File
No ratings yet
Cyber Security Seminar File
38 pages
Rewanta Adhikari - CW2 Security in Computing.
0% (2)
Rewanta Adhikari - CW2 Security in Computing.
37 pages
Cloud Computing Security Risks
No ratings yet
Cloud Computing Security Risks
7 pages
Azure Unit - 3
No ratings yet
Azure Unit - 3
22 pages
Network Security Essentials
No ratings yet
Network Security Essentials
11 pages
08 - Block Ciphers
No ratings yet
08 - Block Ciphers
42 pages
Electronic Payment Systems Guide
No ratings yet
Electronic Payment Systems Guide
12 pages
CPP Final Project Avishaker
No ratings yet
CPP Final Project Avishaker
54 pages
02-Introduction To Locks and Keys
100% (3)
02-Introduction To Locks and Keys
66 pages
CWSP-208 Dumps - Certified Wireless Security Professional (CWSP)
No ratings yet
CWSP-208 Dumps - Certified Wireless Security Professional (CWSP)
9 pages