Understanding an organization's reliance on information systems and how to mitigate the vulnerabilities of those systems can be an intimidating challenge, especially when considering unknown vulnerabilities. Introducing the Vulnerability Assessment and Mitigation (VAM) methodology, the authors lead evaluators through the procedure of classifying vulnerabilities in their systems' physical, cyber, human/social, and infrastructure elements. They assess five fundamental components of attack or failure: knowledge, access, target vulnerability, non-retribution, and assessment. In addition, the book provides an online link to a tool for implementing VAM.
Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology