Information Systems in the past few years became a keystone of society. History shows that in some Information Systems one simple failure can lead to disproportioned economic and social damages. Initially used in structural systems, the theory of vulnerability searches for this type of failure. This theory identifies failures in which small damage can have disproportionate impact consequences in terms of the functionality of the whole system. To test and evaluate these failures injections and analyze the impacts of them in sensitive Information Systems, simulation provides an interesting approach. By mimicking systems and representing them through models, simulation studies an imitated system without disrupting the system itself. Simulation provides a safer approach to explore and test the system in damage scenarios without real consequences. This paper discusses the use of the theory of vulnerability in Information Systems simulation.