Module 6: Vulnerabilities
Description
Vulnerabilities are weaknesses that enable threats to be actualized. This module discusses cybersecurity vulnerabilities in general and those that are of a higher concern for critical infrastructure systems. It also identifies processes and tools for discovering vulnerabilities.
Objectives
| # | Revised Bloom’s Taxonomy | Objective | Slide # | Act. 1 | Team Act | Assess Ques # |
|---|---|---|---|---|---|---|
| 6.1 | Understand | Identify the common vulnerabilities associated with Control Systems (CS). | 4 – 16 | N/A | 4 | |
| 6.2 | Understand | Describe how an attacker may gain control of the SCADA system. | 17 – 21 | N/A | 11 | |
| 6.3 | Understand | Identify SCADA cyber vulnerabilities. | 22 – 28 | N/A | 2 | |
| 6.4 | Understand | Define vulnerability assessment and explain why it is important. | 30-31 | N/A | 1 | |
| 6.5 | Understand | Identify vulnerability assessment techniques and tools, such as CSET, Nessus, and other assessment tools. | 32-34 | N/A | X | 5 – 10 |
| 6.6 | Understand | Explain the differences between vulnerability scanning and penetration testing. | 30 | N/A | X | 3 |
