Vulnerabilities are flaws that create weaknesses in the overall information assurance of the system or network. This appendix provides a general overview of the types of vulnerabilities and the nature and effect of each.
NOTE: This list is inspired by and adapted from the BSI (Bundesamt für Sicherheit in der Informationstechnik) threat list.
An organization that has poor planning and implementation habits introduces vulnerabilities. Throughout the organizational planning process, you should make sure information assurance is kept in the list of high-importance items. The following are the vulnerabilities in this category:
Technical vulnerabilities are frequently derived from managerial shortcomings. For example, the first vulnerability in the preceding category, a failure to plan, is a managerial shortcoming, yet it yields technical vulnerabilities. The following are the vulnerabilities in this category:
Vulnerabilities are introduced by having poor policies or good policies that do not have sound supporting procedures. Technology will fail if it is not supported by policies, procedures, and people. The following are the vulnerabilities in this category: