Vulnerability assessment is an information security community standard and promotes security content to standardize the transfer of information to other tools and services. The framework was used by the federal government agency to develop a plan to protect its infrastructure (Marwick, 1998). It involved a three-step process; to define minimum essential infrastructure, to identify vulnerabilities of MEI, and develop solution plans. However, the method has its weaknesses, such as it is limited to the purpose to which it is used. Also, the use of the scalable template to assess vulnerabilities may give a solution that may not necessarily apply, especially when the team was not committed or knowledgeable in the process of identifying the weaknesses. For example, if the team is not conversant with the process of assessment, a slight mistake causes a change in the solution plan, which affects an organization.
The private sector company does not involve the government in its operations; therefore, its scalability process lies between the internal partners and its agency. The use of the mission essential process serves it best to identify the weaknesses that hinder the achievement of its mission. This involves identification of the mission and objectives, identifying the gaps, and finding the solutions. On the other hand, the local government consists of a project design for community mobilization hence more advanced analysis required based on the needs of the community (Preston, Brooke, Measham, Smith & Gorddard, 2008). Therefore, it uses poverty vulnerability assessment. A regional authority needs strategic planning and policy for a larger population. Therefore, a livelihood vulnerability index method can be applied to evaluate climate or economic changes affecting society.
Vulnerability assessment requires a constant flow of information hence the need for tools and software. Lack of these resources is a challenge to the process. Shortage of skilled staff to run the software or make the process successful leads to underdeveloped remedy or wrong plans (Cedergren et al., 2018). Also, the lack of defined criteria of assessment by the management affects the process and fails to provide efficient solutions to the challenges identified. Lacking these factors affect the operations of an institution or agency and reflects on the performance as security is critical for smooth functioning.
Cedergren, A., Hedtjärn Swaling, V., Hassel, H., Denward, C., Mossberg Sonnek, K., & Albinsson, P. et al. (2018). Understanding practical challenges to risk and vulnerability assessments: the case of Swedish municipalities. Journal Of Risk Research, 22(6), 782-795. doi: 10.1080/13669877.2018.1485169
Marwick, P. (1998). Vulnerability Assessment Framework. Critical Infrastructure Assurance Office.
Preston, B., Brooke, C., Measham, T., Smith, T., & Gorddard, R. (2008). Igniting change in local government: lessons learned from a bushfire vulnerability assessment. Mitigation And Adaptation Strategies For Global Change, 14(3), 251-283. doi: 10.1007/s11027-008-9163-4