72 - Vulnerabilities and Incident Response
A weakness in a system that may be exploited to carry out an attack
Vulnerabilities can be unintentional (bugs, flaws) or intentional (backdoors)
What these vulnerabilities impact: one of three, Technology, Organization or Human
Bugs can arise from People, Procedures or Tools, e.g. inexperience, misuse or damaged/unsuitable tools
Lack of education, ignorance (human), insufficient coverage or misconceptions
Vulnerability Assessment & Penetration Testing
Backdoors can be unintentional, though they are still vulnerabilities
Protocol for responding to security events. A mix of talents suitable for the threat, with each team led by the CISO (Chief Information Security Officer)