Part of Data Security Standard 6 - Responding to incidents

Acting upon known vulnerabilities (6.3.1 - 6.3.5)



Which vulnerabilities?

There are many sources of information that list known threats and vulnerabilities. For health and care organisations, the referenced authoritative list is from NHS England.

"Threat" and "vulnerability" are frequently used terms, and they are sometimes incorrectly used interchangeably.


Threats

A threat is the possible danger that could lead to an incident, which could result in harm to systems and the organisation.


Vulnerability

A vulnerability is a weakness which allows an attacker to compromise security (integrity, confidentiality or availability). 

A threat could exploit a vulnerability (such as a gap) to lead to a potential incident. Not every threat will have a corresponding technical vulnerability, but it is very common for one to exist. Cyber vulnerabilities are listed on our cyber alerts portal.


Last edited: 4 August 2023 8:18 am