APPENDIX C TYPICAL VULNERABILITIES

Vulnerabilities or weaknesses in or surrounding an asset leave it open to attack from a threat or hazard. This Appendix lists a number of typical vulnerabilities, but it should be understood that there are many more, and that new vulnerabilities, especially in application software, will be discovered on a daily basis. However, this list, based on BS 7799-3: 2006, provides some generic types and is a good starting point for vulnerability analysis. Figure C.1 illustrates these.

ACCESS CONTROL

Access control has two complementary uses: first, to permit access to resources for authorised persons, and, second, to deny access to those resources to unauthorised persons. Failures in access control are very likely to ...
