Definitions and Terminology

vulnerability

a weakness of an asset or group of assets that can be exploited by one or more threats
source: ISO17799:2005 and ISO27002:2005

a weakness of an asset or group of assets that can be exploited by one or more threats
source: ISO13335-1, 2004

A flaw in a computer or network that leaves it susceptible to potential exploitation such as via unauthorized use or access. Vulnerabilities include, but are not limited to, weaknesses in security procedures, administrative or internal controls, or physical configuration, or features or bugs that enable an attacker to bypass security measures.
source: D. Schweitzer, 2003, Incident Response: Computer Forensics Toolkit

A weakness that could be exploited by a Threat. For example an open firewall port, a password that is never changed, or a flammable carpet. A missing Control is also considered to be a Vulnerability.
source: ITIL v3, Service Design, 2007

A weakness that could be exploited by a Threat. For example an open firewall port, a password that is never changed, or a flammable carpet. A missing Control is also considered to be a Vulnerability.
source: ITIL v3, Continual Service Improvement, 2007

A weakness that could be exploited by a Threat. For example an open firewall port, a password that is never changed, or a flammable carpet. A missing Control is also considered to be a Vulnerability.
source: ITIL v3, Service Strategy, 2007