Vulnerability assessment system (VAS)

Institute for Information Industry is currently handling a project for National Information and Communication Security Taskforce of Executive Yuan. One of the missions of this project is to conduct information security assessments for the current security situation of the national network. Although there are already many commercial software packages on the market to help diagnose security vulnerabilities, but most of these software packages are aiming for small to medium size organizations and only for one single enterprise infrastructure. Therefore, they are not able to perform an over-organization, integrated vulnerability assessment analysis. Moreover, the vulnerability assessment is only the beginning step of solving information security problems; there is a need for a comprehensive management mechanism for information security vulnerability assessment, to let IT staff precisely resolve the security problems of the information systems. As the result, the design goal of VAS is to provide assistance to perform a comprehensive management mechanism for information security vulnerability assessment.