Vulnerability Analysis In Business Unit
DOI:
https://doi.org/10.17013/wjis.v3i2.56
Keywords:
risk analysis, vulnerability analysis, critical vulnerability, ISO/IEC 27000
Abstract
Risk management is now one of the fundamental tools for protecting the assets of business corporations. In this article, we compare vulnerability analyses carried out in a specific financial-sector organization during the two periods in which data was collected for the article: the first in 07/22 and the second in 03/23. The starting point for the vulnerability analysis was the ISO/IEC 27007 concept, and the main tool for its implementation was Microsoft Center Configuration Manager. Standard tools and functions of Microsoft Excel were used for calculations on the obtained data; for more complex analyses, the programming language R was primarily used. The vulnerability of assets in the organization was measured on a scale from 1 to 10, where values from 8 to 10 represented critical vulnerabilities. In the first period, the analysis revealed the use of unauthorized software, a large number of vulnerabilities immediately after software installation, and therefore poor use of the additional installation of security patches. Only 22% of the computers in the organization were identified as secure. The second period showed a very substantial improvement in the protection of the organization's assets: 85% of computers were secure. Our results are clear evidence of the need for regular risk analysis combined with analysis of the vulnerabilities of an organization's assets. The main causes of an increase or change in vulnerability may be software updates or the emergence of new threats in cyberspace.