Turvavigusid

Turvavigusid are weaknesses in a system that could be exploited to compromise security objectives such as confidentiality, integrity, and availability. The term is used in Estonian information security and translates roughly to "security vulnerabilities." These weaknesses can reside in software and hardware products, network configurations, processes, or human factors.

Origins and scope: In information security, turvavigusid are identified through testing, analysis, and monitoring. They are

Identification and assessment: Common methods include automated vulnerability scanning, manual penetration testing, code review, threat modeling,

Mitigation and management: Effective handling relies on patch management, configuration hardening, access control improvements, encryption, secure

Frameworks and standards: Guidance comes from frameworks like NIST Cybersecurity Framework, OWASP Top Ten, and ISO/IEC

See also: vulnerability, cybersecurity, risk management, CVE, CVSS.