Educause Security Discussion mailing list archives
Re: Vulnerability vs. Risk Assessments
From: "Flynn, Gerald" <flynngn () JMU EDU>
Date: Thu, 5 Nov 2009 08:12:24 -0500
A vulnerability assessment is determining whether a resource is subject to a loss of confidentiality, integrity, or availability. A risk assessment is determining what, if anything, to do about it. :)
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Kidd Sent: Wednesday, November 04, 2009 9:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Vulnerability vs. Risk Assessments I'm having a hard time articulating the difference between these two types of assessments, so I'm hoping someone can clearly define them. Any thoughts are appreciated. Thanks, Chris Chris Kidd Chief Information Security and Privacy Officer The University of Utah 650 Komas Drive, Suite 102 Salt Lake City, UT 84108 Office: 801.587.9241 Cell: 801.747.9028 chris.kidd () utah edu http://www.secureit.utah.edu
Current thread:
- Vulnerability vs. Risk Assessments Chris Kidd (Nov 04)
- <Possible follow-ups>
- Re: Vulnerability vs. Risk Assessments St Clair, Jim (Nov 04)
- Re: Vulnerability vs. Risk Assessments Mike Waller (Nov 04)
- Re: Vulnerability vs. Risk Assessments Valdis Kletnieks (Nov 04)
- Re: Vulnerability vs. Risk Assessments Gary Dobbins (Nov 04)
- Re: Vulnerability vs. Risk Assessments John Ladwig (Nov 04)
- Re: Vulnerability vs. Risk Assessments Gary Dobbins (Nov 05)
- Re: Vulnerability vs. Risk Assessments Flynn, Gerald (Nov 05)
- Re: Vulnerability vs. Risk Assessments Scott Koger (Nov 05)
- Re: Vulnerability vs. Risk Assessments Eric Case (Nov 05)
- Re: Vulnerability vs. Risk Assessments Chris Vakhordjian (Nov 05)
- Re: Vulnerability vs. Risk Assessments Brad Judy (Nov 05)
- Re: Vulnerability vs. Risk Assessments Valerie Vogel (Nov 05)
- Re: Vulnerability vs. Risk Assessments Basgen, Brian (Nov 05)
- Re: Vulnerability vs. Risk Assessments Hugh Burley (Nov 05)
- Re: Vulnerability vs. Risk Assessments Hugh Burley (Nov 06)