Risk identification and validation are the factors that need to be taken into account when assessing vulnerability. A vulnerability is a weakness or a flaw in a system or an application that can be exploited by an attacker to compromise the security or the functionality of the system or the application. Vulnerability assessment is the process of identifying, analyzing, and evaluating the vulnerabilities that may affect the system or the application. Vulnerability assessment is part of the risk management process, which is the process of identifying, assessing, and mitigating the risks that may affect the organization’s information systems and assets. Risk identification and validation are the steps in the risk management process that involve identifying the potential sources and causes of risk, such as threats, vulnerabilities, and impacts, and validating the accuracy and the relevance of the risk information. Risk identification and validation can help determine the scope and the priority of the vulnerability assessment, and ensure that the vulnerability assessment results are consistent and reliable.

References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 5. CISSP Practice Exam – FREE 20 Questions and Answers, Question 16.