Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vulnerability vs. Risk Assessments

From: "Flynn, Gerald" <flynngn () JMU EDU>
Date: Thu, 5 Nov 2009 08:12:24 -0500
A vulnerability assessment is determining whether a resource is
subject to a loss of confidentiality, integrity, or availability.

A risk assessment is determining what, if anything, to do about it. :)




-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Kidd
Sent: Wednesday, November 04, 2009 9:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability vs. Risk Assessments

I'm having a hard time articulating the difference between these two
types of assessments, so I'm hoping someone can clearly define them.
Any thoughts are appreciated.

Thanks,
Chris

Chris Kidd
Chief Information Security and Privacy Officer
The University of Utah
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu

http://www.secureit.utah.edu
Previous By Date Next
Previous By Thread Next

Current thread: