Vulnerability assessment is an integral component of a good security program. In fact, a well-functioning vulnerability management system, including testing and remediation, is often cited by industry standards and regulatory bodies as essential for security and mandatory for compliance. This white paper provides an overview of vulnerability assessments: what they are, how they’re used and the role that they play in ensuring an effective and comprehensive audit and security program.
What Is a Vulnerability Assessment?
The US National Institute of Standards and Technology (NIST) defines a vulnerability as “a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.”1 Thus, a vulnerability is a weakness that can be exploited by adversaries to advance their goals.