104 Vulnerability Assessment Criteria for Multi-purpose Projects

What is involved in Vulnerability Assessment

Find out what the related areas are that Vulnerability Assessment connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in the sense that it is not designed per se to give answers, but to engage the reader and lay out a Vulnerability Assessment thinking-frame.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Below you will find a quick checklist designed to help you think about which Vulnerability Assessment related domains to cover and 104 essential critical questions to check off in that domain.

The following domains are covered:

Vulnerability Assessment, Communication, Disaster management, Energy supply, Information technology, Risk analysis, Risk assessment, Transportation, Vulnerability, Vulnerability index, Vulnerability scanner, Water supply.

Vulnerability Assessment Critical Criteria:

Examine Vulnerability Assessment management and check on ways to get started with Vulnerability Assessment.

– Does your organization perform vulnerability assessment activities as part of the acquisition cycle for products in each of the following areas: Cybersecurity, SCADA, smart grid, internet connectivity, and website hosting?

– At what point will vulnerability assessments be performed once Vulnerability Assessment is put into production (e.g., ongoing Risk Management after implementation)?

– At what point will vulnerability assessments be performed once the system is put into production (e.g., ongoing risk management after implementation)?

– Has your organization conducted a cyber risk or vulnerability assessment of its information systems, control systems, and other networked systems?

– Are there any disadvantages to implementing Vulnerability Assessment? There might be some that are less obvious?

– Who is the main stakeholder, with ultimate responsibility for driving Vulnerability Assessment forward?

– Do you have an internal or external company performing your vulnerability assessment?

– What are the Essentials of Internal Vulnerability Assessment Management?

Communication Critical Criteria:

Meet over Communication tasks and raise human resource and employment practices for Communication.

– Do we cover the five essential competencies (Communication, Collaboration, Innovation, Adaptability, and Leadership) that improve an organization's ability to leverage the new Vulnerability Assessment in a volatile global economy?

– You need to ask yourself two questions and organize contingency plans around them: what if? Next, think through how you would handle a crisis organizationally. To whom do you go to get the facts?

– Are interdependent service providers (for example, fuel suppliers, telecommunications providers, meter data processors) included in risk assessments?

– Do you participate in sharing communication, analysis, and mitigation measures with other companies as part of a mutual network of defense?

– Does the committee responsible for risk have direct communication with the finance function and with staff who have time to ask what if?

– Do you have enough focus on ITRM documentation to help formalize processes to increase communications and integration with ORM?

– What are your public relations problems and opportunities based on the product/program and consumer lifecycles?

– Does your government have adequate policies to protect confidential electronic data / communications?

– Review the overall effect of communication courses: What do students really think?

– What do public relations professionals need to do to become excellent leaders?

– It supports conviction and purchase by asking so, are you ready to connect?

– How should we establish our marketing communications budget?

– Measurement – how will the impact be assessed afterwards?

– What is the nature of our middlemen or the trade?

– Why do we need an advertising strategy at all?

– Are we sure the target audience is watching?

– Media – which vehicles to use?

– Articles you'd planned on?

Disaster management Critical Criteria:

Track Disaster management adoptions and simulate teachings and consultations on quality process improvement of Disaster management.

– How do we know that any Vulnerability Assessment analysis is complete and comprehensive?

– How will you know that the Vulnerability Assessment project has been successful?

– How much does Vulnerability Assessment help?

Energy supply Critical Criteria:

Mine Energy supply failures and catalog Energy supply activities.

– How does the organization define, manage, and improve its Vulnerability Assessment processes?

– Are there Vulnerability Assessment Models?

– Is Vulnerability Assessment Required?

Information technology Critical Criteria:

Guide Information technology management and get the big picture.

– Does your company have defined information technology risk performance metrics that are monitored and reported to management on a regular basis?

– Do the response plans address damage assessment, site restoration, payroll, Human Resources, information technology, and administrative support?

– If a survey were done asking organizations: is there a line between your information technology department and your information security department?

– How does new information technology come to be applied and diffused among firms?

– The difference between data/information and information technology (IT)?

– Are accountability and ownership for Vulnerability Assessment clearly defined?

– When do you ask for help from Information Technology (IT)?

– Are we Assessing Vulnerability Assessment and Risk?

– What threat is Vulnerability Assessment addressing?

Risk analysis Critical Criteria:

Illustrate Risk analysis engagements and create a map for yourself.

– How do risk analysis and Risk Management inform your organization's decision-making processes for long-range system planning, major project description and cost estimation, priority programming, and project development?

– What levels of assurance are needed and how can the risk analysis benefit setting standards and policy functions?

– In which two Service Management processes would you be most likely to use a risk analysis and management method?

– How does the business impact analysis use data from Risk Management and risk analysis?

– How do we do risk analysis of rare, cascading, catastrophic events?

– With risk analysis do we answer the question how big is the risk?

– How can you measure Vulnerability Assessment in a systematic way?

– Is the scope of Vulnerability Assessment defined?

Risk assessment Critical Criteria:

Generalize Risk assessment tactics and intervene in Risk assessment processes and leadership.

– Do we have a cyber Risk Management tool for all levels of an organization to assess risk and show how Cybersecurity factors into risk assessments?

– Is the risk assessment approach defined and suited to the ISMS, identified business information security, legal and regulatory requirements?

– Are standards for risk assessment methodology established, so risk information can be compared across entities?

– What core IT system are you using? Does it have an ERM or risk assessment module; and if so, have you used it?

– With risk assessments, do we measure whether there is an impact to technical performance, and to what level?

– How frequently, if at all, do we conduct a business impact analysis (BIA) and risk assessment (RA)?

– What operating practices represent major roadblocks to success or require careful risk assessment?

– Is the priority of the preventive action determined based on the results of the risk assessment?

– How does your company report on its information and technology risk assessment?

– Who performs your company's information and technology risk assessments?

– How often are information and technology risk assessments performed?

– Do you use any homegrown IT system for ERM or risk assessments?

– Are regular risk assessments executed across all entities?

– What drives the timing of your risk assessments?

– Do you use any homegrown IT system for risk assessments?

– Are risk assessments at planned intervals reviewed?

– What triggers a risk assessment?

Transportation Critical Criteria:

Co-operate on Transportation outcomes and sort Transportation activities.

– What other organizational variables, such as reward systems or communication systems, affect the performance of this Vulnerability Assessment process?

– Are adequate facilities used for transportation, storage and calibration of all tools, gauges and test equipment?

– Do we understand the mechanisms and patterns that underlie transportation in our jurisdiction?

– Do we understand public perception of transportation service delivery at any given time?

– What are the barriers to increased Vulnerability Assessment production?

– Does your long-range transportation plan address access management?

– Why are Vulnerability Assessment skills important?

Vulnerability Critical Criteria:

Examine Vulnerability management and know what your objective is.

– What type and amount of resources does the system develop inherently and what does it attract from the close and distant environment to employ them consequently in the resilience process?

– Are there multiple physical security controls (such as badges, escorts, or mantraps) in place that would prevent unauthorized individuals from gaining access to the facility?

– How do you protect against attack when you have a standard infrastructure and the same vulnerability exists in many places across that infrastructure?

– Please explain your business role in the payment flow. How and in what capacity does your business store, process and/or transmit cardholder data?

– Are account numbers (in databases, logs, files, backup media, etc.) stored securely for example, by means of encryption or truncation?

– Are all changes to the production environment and applications formally authorized, planned, and logged before being implemented?

– What assumptions do we use to provide the number of hours that will be used for the security policy reviews?

– Does the provider extend their vulnerability and configuration management process to the virtualization platform?

– How, and how much, do resilience functions performed by a particular system impact its own and others' vulnerabilities?

– Are vendor default security settings changed on production systems before taking the system into production?

– Is there an incident response team ready to be deployed in case of a cardholder data compromise?

– Are all critical system clocks and times synchronized, and do logs include date and time stamp?

– What are the different layers or stages in the development of security for our cloud usage?

– Are group, shared, or generic accounts and passwords prohibited for non-consumer users?

– Is all access to cardholder data, including root/administration access, logged?

– Do changes to the firewall need authorization and are the changes logged?

– What is involved in this process?

– Who is accountable and by when?

– What is my real risk?

Vulnerability index Critical Criteria:

Conceptualize Vulnerability index results and explore and align the progress in Vulnerability index.

– Think about the people you identified for your Vulnerability Assessment project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?

– Do several people in different organizational units assist with the Vulnerability Assessment process?

Vulnerability scanner Critical Criteria:

Mine Vulnerability scanner engagements and find answers.

– Where do ideas that reach policy makers and planners as proposals for Vulnerability Assessment strengthening and reform actually originate?

– For host vulnerability scanners, do we require agents to be installed on each host?

– Do Vulnerability Assessment rules make a reasonable demand on a user's capabilities?

Water supply Critical Criteria:

Recall Water supply risks and diversify by understanding risks and leveraging Water supply.

– Risk factors: what are the characteristics of Vulnerability Assessment that make it risky?


This quick readiness checklist is a selected resource to help you move forward.


Author: Gerard Blokdijk

CEO at The Art of Service | http://theartofservice.com



Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Vulnerability Assessment External links:

External Network Vulnerability Assessment | FRSecure

Energy supply External links:

Energy supply (Book, 2012) [WorldCat.org]

Mace Energy Supply-Smithsburg, Maryland

Energy Supply Options | Ameren Illinois

Information technology External links:

Rebelmail | UNLV Office of Information Technology (OIT)

OHIO: Office of Information Technology |About Email

SOLAR | Division of Information Technology

Risk analysis External links:

What is Risk Analysis? – Definition from Techopedia

Risk analysis (eBook, 2015) [WorldCat.org]

Risk analysis (Book, 1998) [WorldCat.org]

Risk assessment External links:

Home | Oklahoma Risk Assessment

Healthy Life HRA | Health Risk Assessment

Ground Risk Assessment Tool – United States Army …

Transportation External links:

U.S. Department of Transportation – Official Site

Transportation Security Administration

Vulnerability External links:

Vulnerability Management & Risk Intelligence | Kenna Security

Municipal Vulnerability Preparedness Program | Mass.gov

Application Vulnerability Scanner

Vulnerability index External links:

ATSDR – The Social Vulnerability Index (SVI) – Home Page

The Vulnerability Index – Blog

Social Vulnerability Index 2010 (Census Tracts)

Vulnerability scanner External links:

Application Vulnerability Scanner

Free IoT Vulnerability Scanner (RIoT) – BeyondTrust

Vega Vulnerability Scanner

Water supply External links:

Cross Timbers Water Supply Corporation

Household Water Supply Shortage Reporting System

Home – North Alamo Water Supply Company