Assessment
A point-in-time review of controls, risks, or vulnerabilities to inform improvement.
An assessment is a point-in-time review that feeds the improvement cycle: a risk assessment identifies and prioritizes risks to inform treatment, while a vulnerability assessment enumerates technical weaknesses to inform remediation. Penetration tests go a step further than vulnerability scans by actually exploiting findings to prove real-world impact — assessment identifies, the pen test demonstrates.