Managing Operational vulnerability
Operational vulnerabilities are weaknesses in systems, processes, or procedures that can be exploited by attackers to compromise the security and integrity of an organization's operations. These vulnerabilities can arise from a variety of factors, including IT and non-IT operations.
Vulnerability in operational processes
In today's ever-changing business environment, organizations may face various operational vulnerabilities at unforeseen times. These vulnerabilities can originate from IT-related issues or non-IT areas like third party problems or facility issues that might affect organizational functioning. Through Operational vulnerability, you can identify these weaknesses or vulnerabilities in IT systems and other operational processes within your organization.
Upon identifying vulnerabilities, analysts and owners undertake action tasks and determine the optimal response strategy. To address the vulnerability, stakeholders carry out risk assessments, pinpoint affected areas, and create corresponding assessment and treatment tasks. A treatment plan is then developed to either accept, avoid, mitigate, or transfer the vulnerability. Once the associated tasks are completed, approval for the vulnerability is requested. Following approval, the vulnerability is closed.
By addressing these vulnerabilities and implementing effective controls, organizations can significantly reduce the risk to their operations and ensure the timely delivery of the business services.
Starting with Release 19.0.x, the Operational vulnerability feature is integrated into the Operational Resilience application by default.
Get started
- Report an operational vulnerability from the Employee Center or the Operational Resilience Workspace.
- Identify and link the impacted and related areas to the operational vulnerability.
- Generate action tasks and request approval for them.
- Decide a treatment plan to address the operational vulnerability and conduct a root cause analysis.
- Add or create issues related to the operational vulnerability.
- Request approval for and close the operational vulnerability.