Vulnerability Assessment systematically identifies security weaknesses in systems, applications, and configurations. Automated scanners probe networks for known vulnerabilities, missing patches, weak configurations, and exposed services. Results prioritize findings based on severity, exploitability, and business impact.
Unlike penetration testing, vulnerability assessment stops at identification without exploitation. This allows broader coverage with less risk of system disruption. Regular assessments—weekly, monthly, or after significant changes—maintain visibility into the organization’s security posture.
CISSP Relevance
Domain 6 (Security Assessment and Testing) covers vulnerability assessment tools, methodologies, and integration with patch management. Know the difference between credentialed and non-credentialed scans, how to prioritize findings, and common vulnerability scoring (CVSS). Understand how assessments feed into the risk management process.
CISA provides vulnerability scanning resources at Cyber Hygiene Services.
Related terms: Penetration Testing, Patch Management