
Vulnerability Assessment

Results from the annual CSI/FBI Computer Crime and Security Survey on security incidents and attacks over a five-year period (1999–2003) indicate that more than half of the respondents incurred an unauthorized use of computer systems within the last 12 months of the years reported. In 2003 alone, 82 percent of respondents had attacks that originated from independent hackers, 77 percent from disgruntled employees, 79 percent from the Internet and 30 percent from internal systems.

 


Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures (CVE®) is a list or dictionary of publicly known information security vulnerabilities and exposures, international in scope and free for public use. CVE's common names facilitate the exchange of vulnerability information across security advisories, tools, databases, and services that did not exist prior to the creation of CVE.

What Is OVAL?

OVAL provides a baseline method for performing vulnerability assessments on local computer systems.

Managing and Auditing IT Vulnerabilities

This guide from the Institute of Internal Auditors (IIA) was developed to help Chief Audit Executives (CAEs) and internal auditors better assess the effectiveness of an organization’s internal vulnerability management procedures. It proposes criteria for identifying high- and low-performing organizations, and recommends specific IT management practices intended to help organizations increase the effectiveness and efficiency of their vulnerability management efforts.