1
00:00:00,210 --> 00:00:07,680
Vulnerability, we all have heard this word very often in these days due to the COVID pandemic, and

2
00:00:07,680 --> 00:00:09,810
there are a lot of vulnerabilities now.

3
00:00:09,810 --> 00:00:12,150
What actually is a vulnerability?

4
00:00:13,260 --> 00:00:22,260
Well, weakness of an asset or control that can be exploited by one or more threats is vulnerability.

5
00:00:22,290 --> 00:00:26,520
Now, this definition is according to the ISO 27000.

6
00:00:26,520 --> 00:00:33,510
That is the information security management systems standard and they defined vulnerability as a weakness

7
00:00:33,510 --> 00:00:34,440
of a system.

8
00:00:35,500 --> 00:00:42,810
It can be it can also be a flaw in the system or a defect through which bad guys can hack a system,

9
00:00:43,230 --> 00:00:51,240
for example, SQL injection, cross-site scripting or let's say file upload vulnerability, all these

10
00:00:51,240 --> 00:00:53,220
other kinds of vulnerability.

11
00:00:53,220 --> 00:00:57,770
Command injection is a very simple vulnerability to be exploited.

12
00:00:58,290 --> 00:01:06,870
Now, vulnerabilities that don't have corresponding threats may not require controls, but should be

13
00:01:06,870 --> 00:01:10,200
recognized and monitored for the changes.

14
00:01:10,830 --> 00:01:17,310
Controls that get implemented incorrectly or malfunction could become vulnerabilities.

15
00:01:18,390 --> 00:01:25,890
Now, the vulnerability assessment can be complicated by a common misperception that the weakness or

16
00:01:25,890 --> 00:01:29,830
shortcomings are always associated with negative characteristics.

17
00:01:30,450 --> 00:01:37,260
Now, many vulnerabilities are indeed negative characteristics as an information system where patches

18
00:01:37,260 --> 00:01:38,340
are not updated.

19
00:01:38,730 --> 00:01:44,100
Now, many organizations have, you know, started having a concern about cybersecurity, and that is

20
00:01:44,100 --> 00:01:48,930
why most of the organizations have started paying attention to their systems.

21
00:01:49,200 --> 00:01:56,550
But earlier, for the last decade or more so, the systems were unpatched and it was a very good vulnerability

22
00:01:56,850 --> 00:01:59,590
for hackers to actually get into the system.

23
00:02:00,390 --> 00:02:07,440
So but in order for you to understand the definition, just make sure that vulnerability is a weakness

24
00:02:07,440 --> 00:02:09,740
of an asset or a flaw in the system.

25
00:02:10,050 --> 00:02:14,040
It's like an open gate for a hacker to enter into the building.

26
00:02:14,050 --> 00:02:16,860
For example, a building is your system.

27
00:02:16,860 --> 00:02:24,020
And if there is an open gate left with no security guard, it is a vulnerability for your software,

28
00:02:24,120 --> 00:02:24,510
right?

29
00:02:25,020 --> 00:02:33,540
So, yes, a defect through which bad guys can hack is definitely on the alert to see the different

30
00:02:33,540 --> 00:02:35,310
types of vulnerabilities.

31
00:02:35,730 --> 00:02:42,330
So the first type of vulnerability can be hardware vulnerabilities like insufficient maintenance or

32
00:02:42,330 --> 00:02:49,170
faulty installation of a storage media or lack of periodic replacement schemes is a type of hardware

33
00:02:50,730 --> 00:02:58,290
software vulnerability that is insufficient software testing, complicated user interface, unpatched

34
00:02:58,290 --> 00:03:06,510
software as malicious software with no license defined, no policies defined is a vulnerability in the

35
00:03:06,510 --> 00:03:09,270
software. Network vulnerability:

36
00:03:09,630 --> 00:03:13,650
Unprotected communication lines is a great example of network.

37
00:03:14,220 --> 00:03:19,560
When there are unpatched routers, then single point of failure.

38
00:03:19,830 --> 00:03:24,840
Insufficient security training is a type of personnel vulnerability.

39
00:03:24,870 --> 00:03:31,740
Now you might have seen that many organizations have started having training sessions of information

40
00:03:31,740 --> 00:03:35,160
security because they discovered pandemic.

41
00:03:35,160 --> 00:03:43,130
All the businesses have started running remotely and that is why there is a need of information security.

42
00:03:43,440 --> 00:03:51,750
That is why people and employees must be trained for network security or cybersecurity in order to prevent

43
00:03:51,750 --> 00:03:59,700
or protect the organizations. Now, site vulnerability can be unstable power grid or, uh, location of

44
00:03:59,700 --> 00:04:03,030
an area which is susceptible to an earthquake or floods.

45
00:04:03,070 --> 00:04:05,280
That is a kind of physical vulnerability.

46
00:04:06,150 --> 00:04:12,750
And organizational vulnerability can be lack of proper allocation of information security responsibilities

47
00:04:13,170 --> 00:04:17,550
or lack of information security responsibilities in job descriptions.

48
00:04:18,060 --> 00:04:25,710
Generally these days, when I look for my students, when I am looking to the career development I have

49
00:04:25,710 --> 00:04:31,920
started seeing, many job descriptions have started including the term security or information security

50
00:04:31,920 --> 00:04:38,190
standards must have relevant experience or must have knowledge when it comes to information security.

51
00:04:38,760 --> 00:04:41,130
Now that is why this trend has been increasing.

52
00:04:41,130 --> 00:04:44,700
So I think this course is going to be the wonderful course for you.

53
00:04:45,060 --> 00:04:49,470
So make sure you listen properly and complete this course till the end.

54
00:04:49,830 --> 00:04:51,830
And don't forget to share your feedback.

55
00:04:52,350 --> 00:04:57,390
So by now we have learned different types of vulnerabilities.

56
00:04:57,690 --> 00:04:59,550
We have learned the CIA triad.

57
00:04:59,990 --> 00:05:06,740
We know what is confidentiality, integrity and availability, and most importantly, we have defined

58
00:05:07,070 --> 00:05:09,110
the term information security.

59
00:05:09,530 --> 00:05:12,170
Now let's move forward with a threat.

60
00:05:12,440 --> 00:05:13,820
What is a threat?