A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited leading to information system breach. Vulnerability assessment should apply to all information systems and system components of a given organization. The scope Includes:
- Mainframes, servers and other devices that provide centralized computing capabilities.
- SAN, NAS and other devices that provide centralized storage capabilities.
- Desktops, laptops and other devices that provide distributed computing capabilities.
- Routers, switches and other devices that provide network capabilities.
- Firewalls, IDP sensors and other devices that provide dedicated security capabilities.