Vulnerability assessment

From Wikiversity
Jump to navigation Jump to search

Vulnerability assessment is the process of identifying, quantifying and prioritising (or classifying) the vulnerabilities of a system. The following are some examples of systems where vulnerability assessment is applied: nuclear power plants, computer systems, energy supply systems, water systems, transport systems and communication systems. Vulnerability assessment can be carried out both on small businesses and large territorial infrastructures. From the point of view of Disaster Management, vulnerability assessment means identifying and analysing potential hazards that threaten the population and the infrastructure developed in the same context. It can be carried out in political, social, economic and environmental contexts.

Vulnerability assessment has many things in common with risk assessment. Assessments are usually carried out following the following steps:

  1. Cataloguing the assets and resources of a system
  2. Assigning quantifiable values (or at least orders of value) of the importance of assets
  3. Identification of the vulnerabilities or potential threats associated with each asset.
  4. Mitigation and elimination of the most serious vulnerabilities for the most valuable assets


"The classic risk analysis is basically associated with the examination of the risks surrounding a physical plants or other objects, its models and its operations. Such analysis tends to focus on the causes and direct consequences for the observed object. Vulnerability analysis, on the other hand, focuses on both the consequences for the object itself and the primary and secondary consequences relating to the surrounding environment. It is also based on the possibility of reducing these consequences and improving the ability to manage future incidents." (Lövkvist-Andersen, et al., 2004) In general the analysis of the vulnerability identifies the key assets of the obesered environment and its objects operating in the given environment and guides or determines the risk management process.[1] The modification of properties of the objects and its operation has the objective to improve or design risk mitigation processes. The are two main consequences of the vulnerability assessment:

  • (Probabilty) reduce the probability of a harmful event for the key assets and/or
  • (Impact) reduce the impact of an invent for the key assets.

It might be the case that risk mitigation stratgies may only address the impact of event. E.g. we may not change the probabilty of an Earthquake but may improve the structure of buildings, so that they are more stable (resilient) when an earthquake happens.

Learning Tasks[edit | edit source]

  • The earth quake example shows that a vulnerabilty assesment may only address the impact of an harmful event. Provide example where a vulnerability assessment provides an option to address the probability of an harmful event.
  • Perform a vulnerability assessment for the IT-Infrastructure your are working in.
  • Perform a vulnerability assessments for developing countries in the context of Climate Change. What are key assets that are endangered? What are other causes that must be considered for the vulnerability assessement, that might have an impact on the key assets.
  • Perform a vulnerabilty assessment for fresh water resources.

See also[edit | edit source]

Notes[edit | edit source]

  1. United States Department of Energy, 2002 http://web.archive.org/web/20030424135303/http://www.esisac.com/publicdocs/assessment_methods/VA.pdf