Systems simulation has been widely used in the last decades in order to analyze the impact of different scenarios in several areas, and its application to information systems in no exception. Analyzing information systems through simulation models is simultaneously much more affordable; it is required a smaller amount of resources and it is less disruptive with the real system. Since information systems are becoming a cornerstone for our society, a failure in these systems can have a huge impact. The theory of vulnerability identifies failures in which small damage can have disproportionate impact consequences in terms of the functionality of the whole system. This paper discusses the use of the theory of vulnerability in information system simulation.