Assessing Vulnerabilities

Vulnerabilities are the characteristics of an asset s, system s, or network s design, location, security posture, process, or operation that render it susceptible to destruction, incapacitation, or exploitation by mechanical failures, natural hazards, or terrorist attacks or other malicious acts. Vulnerability assessments identify areas of weakness that could result in consequences of concern, taking into account intrinsic structural weaknesses, protective measures, resiliency, and redundancies. 

---

Feature 3. Assess vulnerabilities and periodically review and update vulnerability assessments to reflect changes in potential threats and vulnerabilities. 

Source Information obtained from Landesman, L (2001). Chapter 5 Hazard assessment, vulnerability analysis, risk assessment and rapid heaith assessment In Public health management of disasters The practice guide. Washington, DC American Pubiic Heaith Association. The author gratefully acknowledges Dr. Linda Landesman and the American Public Heaith Association for permission to reproduce this work. 

Chemical Vulnerability Assessment. Vulnerability analysis is a systematic method for estimating friendly casualties and/or consequences from enemy or terrorist chemical attacks. The end state of vulnerability analysis is the recommendation to the commander on vulnerability reduction measures and to provide the information needed to make decisions concerning the acceptable level of risk in mission accomplishment. 

There is a need for methodologies for assessing vulnerabilities in maritime supply chains, which allows for systematic and transparent identification and mitigation of vulnerabilities. Given that supply chains are increasingly complex and are depending on a munber of participants and external factors, getting a reahstic overview of potential threats to the supply chain is a considerable task. 

Red team—A technique for assessing vulnerability that involves viewing a potential target from the perspective of an attacker to identify its hidden vulnerabilities and to anticipate possible modes of attack. 

Risk Assessment, Requires cost/benefit analysis, risk assessment, vulnerable population impact assessment, and development of public information... 

Committee on Assessing Vulnerabilities Related to the Nation s Chemical Infrastructure -National Research Council. Terrorism and the chemical infrastructure protecting people and reducing vulnerabilities, vol. 152. Washington, DC The National Academies Press 2006. 

According to M. Barzilay of ISACA Cyber security is the sum of efforts invested in addressing cyber risk... From an ISA point of view, security issue refers to the prevention of illegal or unwanted penetration, intentional or unintentional interference with the proper and intended operation, or inappropriate access to confidential information in industrial automation and control systems [17]. Cyber security therefore is mainly concerned with protection against unauthorized access (intentional or unintentional) to save data and information systems from theft or damage to prevent the system from any disruption of operation and unwanted functioning of the system. lEC/lSA 62443 (formerly ISA 99) is the relevant standard. Many propose to treat cyber risks as physical risks, that is, to check and assess vulnerability, frequency of occurrence, consequences, etc. 

Vulnerability check is a very important assessment. Vulnerability assessment requires checks at entry points, architecture, and current protective measures. Introduction of information technology (IT) components into industrial controls further complicates the situation. Deployment of wireless and remote control technologies coupled with... 

Committee on Assessing Vulnerabilities Related to the Nation s Chemical Infrastructure... 

Any of the modeling/simulation approach can be used in the reliability analysis when the stochastic nature of the system components is represented and when the target system state is identified and assessed. Vulnerability analysis and system planning rely on the characterization of system functionality hybridization of CN theory, SD, DS, IIM and ABM approaches is suitable in this step. Resilience analysis and optimization of the operations require modeling time-dynamics, transitions between discrete states, adaptation and recovery in the systems hybridization of CN theory, IIM and ABM approaches is suitable in this step. 

Lee, E.E., Mitchell, J., Wallace, W. Assessing vulnerability of proposed designs for interdependent infrastructure systems. In Proceedings of the 37th Annual Hawaii International Conference on System Sciences (January 2004)... 

The starting point for a liquefaction resistance is the adequacy in overall stability of the proposed works that is, susceptibility to mass-movement of the hydraulic fill (flow shdes). Two approaches are followed in assessing vulnerability to large deformations i) to evaluate the type of stress-strain response of the fill to check that it is not brittle (i.e. to avoid post-peak strength loss in undrained loading) and/or, ii) to use post-liquefaction (residual) strengths in a limit equilibrium analysis to check that FS > 1 for overall stabihty with these minimum assured undrained strengths. 

Byres, E.J., Franz, M., Miller, D. The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems. In International Infrastructure Survivability Workshop (IISW 2004). IEEE (2004)... 

Abstract. Improving the security of computing systems embedded into commercial airplanes has become a major concern for the avionics industry. This paper deals with one of the techniques that can be applied to improve the security of such systems vulnerability assessment. More precisely, this paper presents experiments carried out on an experimental embedded operating system in order to assess vulnerabilities in its low-level implementation layers. The main characteristics of this embedded system, the platform used to carry out our experiments, as well as the first results of these experiments are described. 

Assess vulnerabilities of their systems to expected earthquakes. 

---