Vulnerability

For the use of the term “vulnerability” in information security and computer security, see the article Vulnerability (computing).

In risk management, the vulnerability of an organization or a geographical area is the weak point of that organization, which can be defined by:

  • an object of risk: a resource that is at risk, which may belong to one of five classes: human, technical, information, partners and financial (H, T, I, P, F). An example of an object of risk is an installation classified for environmental protection (ICPE).
  • causes: risk factors or hazards, that is, random events whose occurrence deprives the organization of a resource, partially or completely, temporarily or permanently.
  • consequences: the potential impact. In general this is the impact on the fundamental objectives of the organization. Not all consequences are easily translated into financial terms, for example maintaining the company's competence. There have been attempts to evaluate the intellectual capital of companies: Return on Knowledge Employed (ROKE).

Classes of vulnerabilities

The classes of vulnerability according to AFNOR correspond to the five categories of resources:

  • Harm to persons (H)
  • Damage to physical and technical property (T)
  • Loss of information (I)
  • Damage to partnerships (P) (upstream, lateral and downstream resources)
  • Loss of revenue (F)

To these categories of resources, one should add the “free” resources:

  • the physical environment,
  • the political, legal and social environment,
  • the competitive environment.

Place in risk management

Identifying the object of risk and the hazard (risk factor) completes the risk identification phase.

The risk analysis then takes the consequences into account:

  • Primary consequences: damage to the organization itself
  • Effects on third parties: damage suffered by third parties and the environment, which can lead to civil or criminal liability and to employees or managers being called into question
  • Damage to reputation (see reputational risk).

Some examples

In relation to industrial risk

See: classified installations

The vulnerability of a zone or a given point is the assessment of the sensitivity of the targets present in the zone to a given type of effect (overpressure of X mbar, pollutant gas at concentration Y for a time T…). For example, residential zones are distinguished from agricultural land, the former being more sensitive than the latter to a risk of explosion because of the presence of buildings and people. (Circular of 10/2/03 from the MEDD on the immediately applicable measures introduced by law 2003-699 on the prevention of technological risks in classified installations.)

In relation to country risk

The IMF publishes vulnerability indicators relating to country risk.

See: http://www.imf.org/external/np/exr/facts/fre/vulf.htm

In relation to sensitive information

Computer data increasingly consists of scattered information and documents distributed across various sites and workstations, which contain the (explicit) knowledge assets of the people and organizations that work in communities of practice. These assets, sometimes called intangible capital (or intellectual capital), must be protected against the risk of loss of competence.

In addition, the company's contractual documents, signed with partners (customers, suppliers, banks, insurers), bind the company through the electronic signature. The economic, environmental and social impacts of its lines of business on various stakeholders can engage the legal liability of the company's managers or employees. It is therefore necessary to be able to provide proof that the terms of a contract were properly executed (proof management), and to make sure that the various types of risk were taken into account, in order to guard against legal risk, that is, civil and criminal liability, which can lead to fines in the event of non-compliance with legal provisions.

All of this requires an overall analysis of the vulnerability of the organization and of its information system, which starts with identifying the sensitive elements:

  • assets,
  • information of all kinds, data,
  • etc.

See:

  • Data security
  • Information assets

In relation to decision-making processes

Some decision-making processes can also be vulnerable to influence operations, because they carry knowledge that is sensitive for the communities that share it (governments, competitiveness clusters…).

Without rigorous management of shared data, even relatively insignificant (gray) information available in open sources can be collected by international influence networks whose interests may differ from those of the organization.

Whoever has an organization (metadata registries) that makes it possible to decipher, using search engines, computing resources indexed with coherently structured metadata holds very considerable power of influence.


See also

  • Major risk
  • Safety
  • Risk
  • Threat
  • Risk management
  • Data security
  • Economic intelligence
  • Corporate social responsibility
  • Stakeholder

External link

  • NIMS Security Threat Methodology, by the company MITRE (August 1998) http://www.mitre.org/work/tech_papers/tech_papers_98/nims_information/nims_info.pdf
