Information Risk Management: A practitioner’s guide by Sutton, David

APPENDIX C TYPICAL VULNERABILITIES

Vulnerabilities or weaknesses in or surrounding an asset leave it open to attack from a threat or hazard. This Appendix lists a number of typical vulnerabilities, but it should be understood that there will be many more, and that new vulnerabilities, especially in application software, will be discovered on a daily basis. However, this list, based on BS 7799-3: 2006, provides some generic types and is a good starting point for vulnerability analysis. Figure C.1 illustrates these.

ACCESS CONTROL

Access control has two complementary uses: first, to permit access to resources for authorised persons, and, second, to deny access to those resources to unauthorised persons. Failures in access control are very likely to ...
