A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Such assessments may be conducted on behalf of a range of different organizations, from small businesses up to large regional infrastructures. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to infrastructure.

It may be conducted in the political, social, economic or environmental fields.

Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:

  1. Cataloging assets and capabilities (resources) in a system.
  2. Assigning quantifiable value (or at least rank order) and importance to those resources
  3. Identifying the vulnerabilities or potential threats to each resource
  4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources

"Classical risk analysis is principally concerned with investigating the risks surrounding a plant (or some other object), its design and operations. Such analysis tends to focus on causes and the direct consequences for the studied object. Vulnerability analysis, on the other hand, focuses both on consequences for the object itself and on primary and secondary consequences for the surrounding environment. It also concerns itself with the possibilities of reducing such consequences and of improving the capacity to manage future incidents." (Lövkvist-Andersen, et al., 2004) In general, a vulnerability analysis serves to "categorize key assets and drive the risk management process." (United States Department of Energy, 2002).

In the United States, guides providing valuable considerations and templates for completing a vulnerability assessment are available from numerous agencies including the Department of Energy, the Environmental Protection Agency, and the United States Department of Transportation.

Several academic research papers including Turner et al. (2003), Ford and Smith (2004), Adger (2006), Fraser (2007) and Patt et al. (2010) amongst others, have provided a detail review of the diverse epistemologies and methodologies in vulnerability research. Turner et al. (2003)

This effort has identified key service providers which have been technically reviewed and vetted to provide these advanced services. This GSA service is intended to improve the rapid ordering and deployment of these services, reduce US government contract duplication, and to protect and support the US infrastructure in a more timely and efficient manner.

132-45D Risk and Vulnerability Assessment identifies, quantifies, and prioritizes the risks and vulnerabilities in a system. A risk assessment identifies recognized threats and threat actors and the probability that these factors will result in exposure or loss.

Vulnerability to climate change

See also

  • Vulnerability
  • Vulnerability index
  • Vulnerability scanner
  • Vulnerability assessment (computing)

References

  1. <small> Handbook of International Electrical Safety Practices </small>