Vulnerability Assessment and Physical Security
A vulnerability assessment framework in cybersecurity operations provides the complete evaluation of potential and existing vulnerabilities within an organization, which aims at improving security posture outcomes (Rahalkar, 2018). The evaluation of potential vulnerabilities is useful for identifying and preventing the exploitation of any existing information system vulnerabilities. The main objective for carrying out a vulnerability assessment is to identify cybersecurity weaknesses while testing the extent of potential exploitation of network security. The vulnerability framework also consists of testing organization’s compliance to security policy and its ability to respond and identify cyber security incidents. The components for vulnerability assessments consists of internal and external vulnerability assessments, wireless and social engineering assessments, physical security, application and database vulnerability assessment.
The implications of assessing vulnerability of physical security operation include identification of risks and vulnerabilities in network infrastructures, mobile and web applications (Rahalkar, 2018). Also, vulnerability assessments are useful in validating current security safeguards while quantifying the risk to confidential information and internal systems. Vulnerability assessment also remediates steps for preventing future attacks and detecting existing flaws. Moreover, vulnerability assessments also validate the effectiveness of security and system upgrades. Additionally, assessing the vulnerability of physical security operations protects the integrity of assets from any existing malicious code. Finally, vulnerability assessment helps in achieving and maintaining compliance with applicable federal and international regulations.
Vulnerability assessments are unpredictable, volatile and explosive due to prevalence of binary and absolutist view of security (Johnson & Garcia, 2002). For instance, many information systems personnel believe security systems, device or programs are either secure or insecure. However, in reality security of organizations physical security assets is a continuum since no security system is completely insecure or fully secure. Hence, vulnerability of physical security operations will always exists and may not be fully eliminated or understood. Moreover vulnerability assessments of physical operations are quite complex due to lacks of useful standards on how to conduct vulnerability assessment. Time and finding is often limited given that security attacks on program and devices may not be constrained.
Another complication in vulnerability assessment of physical security is the lack of clear cut end point for discovery of best attacks on an organization’s assets (Johnson & Garcia, 2002). For instance, best attacks on a security system may be discovered on a later date or may never be discovered. Also defeating a security system, program or device is a matter of probability. For example, a subtle attack may not always succeed also crude attacks may not always fail. Moreover, since security programs and devices rely on social engineering methods and false alarming for detection of cyber attacks, vulnerability assessors find it difficult to model, observe and replicate these attacks.
References
Johnson, R. G., & Garcia, A. R. (2002). Effective vulnerability assessments for physical security devices, systems, and programs (No. LA-UR-02-5545). Los Alamos National Lab., NM (US).
Top of Form
Rahalkar, S. (2018). Network Vulnerability Assessment: Identify Security Loopholes in Your Network’s Infrastructure. Birmingham: Packt Publishing Ltd.
Bottom of Form