DERM - MODULE 2
Vulnerability Assessment Tool (V.A.T.)
An effective risk management process cannot be separated from a well-structured risk assessment methodology, which is key to mitigating the influence of subjective factors. Vulnerability assessment is a very important phase within the risk management process, as it is the basis for mitigation measures and effective and well-balanced business strategies.
The Vulnerability Assessment Tool (V.A.T.) provides a deterministic assessment of the gaps affecting active and passive security systems and asset protection policies, reducing human bias and making analysis as comprehensive and standardised as possible.
Through the operationalisation of standards (IEC and ISO) and international best practices, the V.A.T. system sets, for each of the domains taken into consideration, a benchmark against which to identify and measure any security system gaps. A quantitative approach combining different types of risk in a single process (through a specific standardisation process) makes asset vulnerability analysis less fragmented than it normally is.
The V.A.T. methodology is based on questionnaires (i.e. checklists), a different one for each section examined, with closed-ended questions that vary with the level of threat and the type of asset being assessed. Thanks to checklist customisation, the V.A.T. system provides fact-based and detailed assessments.
By aggregating the scores resulting from each of the answers provided and through a specific calculation algorithm, the V.A.T. returns a single value showing the vulnerability of an asset, i.e. its resilience to previously identified potential threats.
Expressing the vulnerability level of a given asset with a number helps comparison in both synchronous (between multiple assets) and diachronic (for the same asset in two distinct moments) terms. This allows organisations to measure how effective their mitigation policies are and set targeted and objective strategies.