The best way to protect an Information Asset is to reduce its attack surface. And that should always be the first line of defense. We should also implement appropriate security controls to avoid any attacks on the residual risk and to mitigate the amount of damages. The first and most important step in reducing the attack surface is to identify the Weakness / Vulnerabilities on an Information Asset. Steps in Identifying the Vulnerabilities include: 1. Identifying vulnerabilities in the Application 2. Identifying vulnerabilities in the Host 3. Identifying vulnerabilities in the Network Once the vulnerabilities are identified, the next step... Read more →