What is it?
A vulnerability is a flaw or weakness within a system that can be exploited by Threats to cause loss or harm; however, it can be mitigated via Controls.
Information Security
Within Information Security, a vulnerability is some form of weakness or flaw within the information system, either in the design, implementation, or procedures, that can be exploited by Threats to cause loss or harm to an individual or organisation, but can be mitigated via the use of Controls.
This can be visualized using a dam, where the dam has a crack that will let the water pass through (which in this case would be the Threats), and the way to prevent this is to fix the crack (which would be the Controls).
Classes of Vulnerabilities
These classes can be applied to any Assets and provide a way to distinguish between vulnerabilities:
- Interception
  Interception, in the context of Vulnerabilities, simply means that an unauthorized party has gained access to Assets.
- Interruption
  Interruption is when Assets become lost, unavailable, or unusable, which in turn breaks The CIA Triad, as both Availability and Integrity are lost: Assets can’t be accessed and aren’t kept whole.
- Modification
  Modification means that an unauthorized party or entity has changed or altered Assets, which breaks The CIA Triad because it violates the fundamental concept of Integrity: Assets are being changed by unauthorized entities.
- Fabrication
  Fabrication means that an unauthorized party or entity creates fake Assets. Just like Modification, this also breaks Integrity, a fundamental part of The CIA Triad, as Assets aren’t being kept whole.