Vulnerability assessment (VA) is a control that most organisations implement and is a requirement for many security schemes such as PCI DSS. However, many organisations focus on the vulnerabilities themselves, which can mean they’re missing out on some of the possible security benefits.
One way to secure IT assets, is to maintain an awareness of the vulnerabilities in an environment and respond quickly to mitigate potential threats is through regular vulnerability assessment (VA). A vulnerability assessment is a process to identify and quantify the security vulnerabilities in an organization’s environment.
Vulnerability assessments depend on discovering different types of system or network vulnerabilities, which means the assessment process includes using a variety of tools, scanners and methodologies to identify vulnerabilities, threats and risks.