Vulnerability assessment
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Such assessments may be conducted on behalf of a range of different organizations, from small businesses up to large regional infrastructures. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to infrastructure. It may be conducted in the political, social, economic or environmental fields.
Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
- Cataloging assets and capabilities (resources) in a system.
- Assigning quantifiable value (or at least rank order) and importance to those resources
- Identifying the vulnerabilities or potential threats to each resource
- Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
"Classical risk analysis is principally concerned with investigating the risks surrounding a plant (or some other object), its design and operations. Such analysis tends to focus on causes and the direct consequences for the studied object. Vulnerability analysis, on the other hand, focuses both on consequences for the object itself and on primary and secondary consequences for the surrounding environment. It also concerns itself with the possibilities of reducing such consequences and of improving the capacity to manage future incidents." (Lövkvist-Andersen, et al., 2004) In general, a vulnerability analysis serves to "categorize key assets and drive the risk management process." (United States Department of Energy, 2002)1
In the United States, guides providing valuable considerations and templates for completing a vulnerability assessment are available from numerous agencies including the Department of Energy, the Environmental Protection Agency, and the United States Department of Transportation, just to name a few.
Several academic research papers including Turner et al. (2003),[1] Ford and Smith (2004),[2] Adger (2006),[3] Fraser (2007)[4] and Patt et al. (2010)[5] amongst others, have provided a detail review of the diverse epistemologies and methodologies in vulnerability research. Turner et al. (2003)[1] for example proposed a framework that illustrates the complexity and interactions involved in vulnerability analysis, draws attention to the array of factors and linkages that potentially affects the vulnerability of a couple of human–environment systems. The framework makes use of nested flowcharts to show how social and environmental forces interact to create situations vulnerable to sudden changes. Ford and Smith (2004), propose an analytical framework, based on research with Canadian arctic communities. They suggest that, the first stage is to assess current vulnerability by documenting exposures and current adaptive strategies. This should be followed by a second stage that estimates directional changes in those current risk factors and characterizes the community's future adaptive capacity. Ford and Smith's (2004) framework utilizes historic information including how communities have experienced and addressed climatic hazards, with information on what conditions are likely to change, and what constraints and opportunities there are for future adaptation.
Standardized Government Vulnerability Assessment Services
The GSA (also known as the General Services Administration) has standardized the “Risk and Vulnerability Assessments (RVA)” service as a pre-vetted support service, to rapidly conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations, enterprise or local policy, assess the level of risk, and develop and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. This standardized service offers the following pre-vetted support services:
- Network Mapping
- Vulnerability Scanning
- Phishing Assessment
- Wireless Assessment
- Web Application Assessment
- Operating System Security Assessment (OSSA)
- Database Assessment
- Penetration Testing
These services are commonly referred to as Highly Adaptive Cybersecurity Services (HACS) and are listed at the US GSA Advantage website.[6]
This effort has identified key service providers which have been technically reviewed and vetted to provide these advanced services. This GSA service is intended to improve the rapid ordering and deployment of these services, reduce US government contract duplication, and to protect and support the US infrastructure in a more timely and efficient manner.
132-45D Risk and Vulnerability Assessment [7] identifies, quantifies, and prioritizes the risks and vulnerabilities in a system. A risk assessment identifies recognized threats and threat actors and the probability that these factors will result in exposure or loss.
Assessing Vulnerability to Climate Change in the Global South
In the Global South, the vulnerability assessment is usually developed during the process of preparing local adaptation plans for climate change or sustainable action plans.[8] The vulnerability is ascertained on an urban district or neighborhood scale. Vulnerability is also a determinant of risk and is consequently ascertained each time a risk assessment is required. In these cases, the vulnerability is expressed by an index, made up of indicators. The information that allows to measure the single indicators are already available in statistics and thematic maps, or are collected through interviews. The latter case is used on very limited territorial areas (a city, a municipality, the communities of a district). It is therefore an occasional assessment aimed at a specific event: a project, a plan. When it comes to developing a vulnerability assessment on many municipalities, on one or more regions, or on an entire country, interviews, even if limited to a statistically significant sample, would require too much time and too much money and would not be repeatable over time. In this case, information that the state bodies are required to systematically collect at precise time intervals on the scale of interest for the assessment are used. If the vulnerability is ascertained at regular intervals over time, this activity is called tracking instead of assessment. Vulnerability tracking starts identifying the relevant information, preferably open access, produced by state or international bodies at the scale of interest. Then a further effort to make the vulnerability information freely accessible to all development actors is required.[9] Vulnerability tracking has many applications. It constitutes an indicator for the monitoring and evaluation of programs and projects for resilience and adaptation to climate change. Vulnerability tracking is also a decision making tool in regional and national adaptation policies.
See also
References
- Handbook of International Electrical Safety Practices
- US Department of Energy. (2002). Vulnerability Assessment Methodology, Electric Power Infrastructure.
- Turner, B. L.; Kasperson, R. E.; Matson, P. A.; McCarthy, J. J.; Corell, R. W.; Christensen, L.; Eckley, N.; Kasperson, J. X.; Luers, A.; Martello, M. L.; Polsky, C.; Pulsipher, A.; Schiller, A. (5 June 2003). "Science and Technology for Sustainable Development Special Feature: A framework for vulnerability analysis in sustainability science". Proceedings of the National Academy of Sciences. 100 (14): 8074–8079. doi:10.1073/pnas.1231335100. PMC 166184. PMID 12792023.
- Ford, James D.; Barry Smit (Dec 2004). "A Framework for Assessing the Vulnerability of Communities in the Canadian Arctic to Risks Associated with Climate Change". Arctic. 57 (4): 389–400. doi:10.14430/arctic516. hdl:10535/3095. JSTOR 40512642.
- Adger, W. Neil (August 2006). "Vulnerability". Global Environmental Change. 16 (3): 268–281. doi:10.1016/j.gloenvcha.2006.02.006.
- Fraser, Evan D. G. (August 2008). "Travelling in antique lands: using past famines to develop an adaptability/resilience framework to identify food systems vulnerable to climate change". Climatic Change. 83 (4): 495–514. doi:10.1007/s10584-007-9240-9.
- Patt, Anthony; Dagmar Schröter; Richard Klein; Anne Cristina de la Vega-Leinert (2010). Assessing vulnerability to global environmental change : making research useful for adaptation decision making and policy (1st paperback ed.). London: Earthscan. ISBN 9781849711548.
- "132-45D Risk and Vulnerability Assessment Companies". 20 March 2018.
- "132-45D Risk and Vulnerability Assessment". 20 March 2018.
- Tiepolo, Maurizio (2017). "Relevance and Quality of Climate Planning for Large and Medium-Sized Cities of the Tropics". In M. Tiepolo et al. (eds.) Revewing Local Planning to face Climate Change in the Tropics. Cham, Springer: 199–226. doi:10.1007/978-3-319-59096-7_10.
|access-date=
requires|url=
(help) - Tiepolo, Maurizio; Bacci, Maurizio (2017). "Tracking Climate Change Vulnerability at Municipal Level in Haiti using Open Source Information". In M. Tiepolo et al. (eds.), Renewing Local Planning to Face Climate Change in the Tropics. Cham, Springer: 103–131. doi:10.1007/978-3-319-59096-7_6.
|access-date=
requires|url=
(help)