Description should include
- defining the term vulnerability as a weakness that allows an attacker to reduce a system's information assurance
- understanding that, historically, a large proportion of vulnerabilities have resulted from flaws in software
- describing the three elements that together make a system vulnerable:
  - a system susceptibility or flaw
  - attacker access to the flaw
  - attacker capability to exploit the flaw
- explaining the effect of a vulnerability on a system (i.e., compromised confidentiality, integrity, or availability of resources)
- discussing flaws in software that can lead to vulnerabilities, such as
  - buffer overflows
  - broken authentication and session management
  - injection flaws
  - missing or inadequate input validation
  - privilege confusion (e.g., the confused-deputy problem, where a program acts with more authority than the requester holds)
- evaluating vulnerabilities as they relate to
  - physical facilities and the environment of the system, or personnel working with the system
  - operational procedures, including security measures
  - business operations
  - hardware
  - software
  - communication equipment and networks (individually or in combination).
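The following Python example is added here as a classroom illustration and is not part of the original curriculum text. It shows two of the software flaws listed above (an injection flaw and missing input validation) in a small SQLite user lookup, and maps them onto the three elements of a vulnerability: the flaw is the query built by string formatting, attacker access is the untrusted `name` value reaching that query, and attacker capability is the crafted input. The effect is a loss of confidentiality (every row is returned). The `users` table, the usernames and the payload are constructed sample data; `lookup_vulnerable`, `lookup_parameterized` and `validate_username` are illustrative names, not functions from any real project.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
USERS = [
    ("alice", "s3cret-alice", "admin"),
    ("bob", "hunter2", "user"),
    ("carol", "correct-horse", "user"),
]


def make_db():
    """Build an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, name):
    """The flaw: untrusted input is spliced directly into the SQL text,
    so quote characters in `name` change the meaning of the query."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Fix 1: bind the value as a parameter. The database treats it as data,
    never as SQL, so the same payload matches nothing."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def validate_username(name):
    """Fix 2 (defense in depth): reject input that does not look like a
    username before it gets anywhere near the query."""
    return 0 < len(name) <= 32 and name.isalnum()


def demo():
    """Run the attacker's payload against both lookups and report the outcome."""
    conn = make_db()
    # Attacker capability: a crafted value that closes the quote and
    # appends an always-true condition.
    payload = "x' OR '1'='1"
    leaked = lookup_vulnerable(conn, payload)      # all three rows
    safe = lookup_parameterized(conn, payload)     # no rows
    return {
        "leaked_rows": len(leaked),
        "parameterized_rows": len(safe),
        "payload_passes_validation": validate_username(payload),
        "normal_lookup": lookup_parameterized(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

The two fixes are independent: parameterization alone removes the injection flaw, and validation alone would have stopped this particular payload, but applying both is the usual practice because validation rules are easy to get wrong while parameter binding addresses the root cause.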
Teacher Resources: