[resources, glossary, vulnerability-assessment]

    vulnerability management

    Vulnerability Assessment

    What is a Vulnerability Assessment?

    A vulnerability assessment is a comprehensive report that prioritizes all cybersecurity vulnerabilities across a network. While a critical piece of vulnerability assessment is vulnerability scanning, they are different processes. A vulnerability scan is an automated process, while the vulnerability assessment includes prioritization and actions by team members.

    What are the Steps of Vulnerability Assessment?

    The first step of a vulnerability assessment is a comprehensive real-time inventory of IT assets.  The vulnerability scanning program must have visibility into the complete inventory, as it’s critical in assessing cyber risk exposure. 

    The second step of a vulnerability assessment is the vulnerability scan itself by an automated application. The scanner identifies and prioritizes vulnerabilities known within the system, and reports them.

    Then security teams are able to make a risk assessment. They may do additional penetration testing to understand the potential exposure better or simply make a plan for remediation according to the incident response plan.