ABSTRACT
In simple terms, vulnerabilities are opportunities. More precisely, vulnerabilities are weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. Vulnerabilities include structural, procedural, electronic, human, and other elements which provide opportunities to attack assets. Vulnerabilities can be categorized as physical, technical, or operational. Physical vulnerabilities may include structural characteristics of the facility, geographic location of facility, location of assets within the facility, strength of access control measures, and illumination levels, among others. Technical vulnerabilities may include equipment properties, network weaknesses, susceptibility to eavesdropping and other electronic surveillance, effectiveness of locks, and the type and number of cameras. Operational vulnerabilities may include policies, procedures, practices, and personnel actions and behavior.
