Vulnerabilities
Conducting a Business Continuity Risk Assessment requires individual vulnerabilities, that might increase the organisation’s exposure to certain threats, to be identified. A vulnerability is defined as:
“A weakness in a resource or group of resources that can be exploited by one or more threats.”
Adding vulnerabilities
Vulnerabilities are added at an entity level. To manage entity vulnerabilties, select "Identify Vulnerabilities" from the entity workflow.Vulnerabilities can only be modified when the vulnerability assessment is unlocked. To do this, click “Modify the Vulnerability Assessment” in the sidebar. Additional vulnerabilities can now be added by clicking the “Add vulnerability” link. Vulnerabilities can also be added from the Abriska “Vulnerability Library” which contains template examples of vulnerabilities. Once all of the vulnerabilities have been added, to progress onto the next stage of the risk assessment, click “Complete Vulnerability Assessment”.
When initially adding a vulnerability, only the name and description fields are required. The reference will be automatically generated by Abriska depending on the next available reference number. Once a vulnerability is added, it needs to be classified in terms of vulnerability type, what resources it is linked to, and which threats it affects. Vulnerability types are explained below, see Conducting a Business Continuity Risk Assessment for an explanation of how to link vulnerabilities with resources and threats.