What Is Vulnerability Analysis? Exploring an Important Cyber Security Concept

View all blog posts under Articles | View all blog posts under MSCS

Two cyber security professionals run a network scan.In 2018, cyber attacks cost American businesses more than $2.7 billion, according to the FBI’s crime reporting. It’s clear that to compete and remain safe, companies need to invest in a cyber security infrastructure that provides financial security and protects sensitive data systems. Organizations should also consider hiring cyber security professionals who have a deep understanding of vulnerability analysis, which protects against the threat of cyber attacks.

An advanced degree in cyber security can help individuals who are considering a career in the field develop the skills to prevent and fix vulnerabilities in an organization’s cyber security system.

The Dangers of Cyber Attacks

In 2019, computer maker Dell commissioned a report titled: BIOS Security-The Next Frontier for Endpoint Protection. It found that 63% of surveyed companies had a cyber security breach in the prior 12 months.

A successful breach can negatively affect a business’s proprietary data, either through damage or loss. It can also be very costly for organizations. Verizon’s 2020 Data Breach Investigations Report concluded that 86% of cyber crime breaches had financial intent. Furthermore, the cost to upgrade cyber security systems and recoup data can financially devastate an organization.

Larger organizations are prone to cyber attacks; however, cyber criminals also target smaller businesses because their cyber security systems are usually not as strong. For this reason, organizations of all sizes should hire cyber security professionals to optimize their systems and train employees in the various methods for securing data and sensitive information.

There are a variety of ways that cyber criminals conduct malicious attacks on an organization’s technological infrastructure. These criminals always find new ways to breach cyber security systems using viruses, malware, ransomware and phishing.


As its name suggests, a virus is software or code that infects a program, computer or system. Viruses are insidious in that they can often spread from computer to computer before being detected. Viruses may be designed to destroy computer functionality or steal data.


Malware is software that is harmful to a computer. It includes viruses, as well as spyware (software that steals personal information such as passwords), adware (software that displays unwanted ads) and other threats. Malware is often attached to emails or files that are downloaded.


This type of software is especially detrimental to an organization. Ransomware can lock employees out of a company’s system and prevent them from accessing important data until a ransom is paid to the cyber criminals.


This is the most common type of attack used by cyber criminals. Usually, these criminals send phishing emails that trick employees into entering important information into a fake website. Phishing emails may also download malicious malware when the email is opened.

What Is Vulnerability Analysis?

Cyber security professionals implement a vulnerability analysis when they are testing an organization’s technological systems. Vulnerability analysis allows them to prepare for cyber attacks before they happen. By identifying an organization’s cyber security vulnerabilities, cyber professionals can institute measures to mitigate these susceptibilities. Multiple steps need to be taken to effectively implement a vulnerability analysis.

Holistic System Evaluations

Cyber security professionals begin the process of vulnerability analysis by evaluating an organization’s digital system. First, they identify whether it is connected to the internet via an external or internal IP address. They then evaluate whether the system is accessible to the public and determine who has the overall permissions to access the systems. Finally, cyber security professionals analyze what the system is used for within the organization.

Systemic Baselines Identification

After this process, cyber security professionals define systematic baselines, which involve a variety of configuration factors. These factors need to meet a set standard of “security best practices,” according to AT&T Business. Some examples of configuration factors are operating systems (OS), software, ports and security configurations. Cyber security professionals need to be aware of all these factors before performing a vulnerability scan.

Vulnerability Scanning Implementation

There are two types of vulnerability scans: unauthenticated and authenticated. Originating at the network perimeter, unauthenticated scans search for and identify open ports and test for exploits and attacks, according to AT&T Business. In contrast, authenticated scans perform a “credentialed scan of the operating system and applications looking for misconfigurations and missing patches” that can be exploited by cyber criminals. After the scans are complete, cyber security professionals create a report identifying vulnerabilities in the system.

Skills Needed for Effective Vulnerability Analysis

A variety of skills are necessary to become a cyber security professional. These professionals should have a deep knowledge of the vulnerability analysis process. Moreover, they must exhibit strong technical, analytical and critical-thinking skills as well as a thorough understanding of current cyber attack methodologies.

These skills are vital, as cyber security professionals deal with complex and rapidly evolving technical systems and security issues. They must anticipate potential problems, establish robust testing processes to identify and fortify vulnerabilities, successfully handle security breaches in real time, and conduct thorough reviews after a security breach to ensure it doesn’t happen again.

Discover a Rewarding Career in Cyber Security

Cyber criminals are constantly developing new ways to breach the technological infrastructures and devices of organizations. Therefore, cyber security professionals who can stay one step ahead of these criminals are much sought after.

Many businesses are not prepared for the financial impact of a cyber attack. Professionals with an advanced degree in cyber security can develop the skills to protect an organization’s assets.

The University of North Dakota offers an advanced degree in cyber security that can prepare graduates to protect against cyber crime and keep cyber criminals at bay. This unique and rigorous online program offers four tracks: Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security and General Cyber Security.

Explore how the University of North Dakota’s online Master of Science in Cyber Security can prepare you for a role in this vital and in-demand field.

Recommended Readings

5 Powerful Cryptography Tools for Cyber Security Professionals

The Cyber Security Professional and Intrusion Detection Systems

The Cyber Security Talent Shortage


AT&T, “Vulnerability Assessment Steps, Process Explained”

CIO, “Winter 2019: State of the CIO”

CSO, “Top Cybersecurity Facts, Figures and Statistics for 2020”

Dell, “BIOS Security – The Next Frontier for Endpoint Protection”

Digital Guardian, “What Is Cyber Security? Definition, Best Practices & More”

SearchSecurity, Vulnerability Assessment (Vulnerability Analysis)

U.S. Federal Bureau of Investigation, IC3 Annual Report Released

U.S. Small Business Administration, Stay Safe from Cybersecurity Threats

Verizon, 2020 Data Breach Investigations Report