Assessments often use a variety of scans and penetration tests, all discussed in this section. A vulnerability assessment typically includes the following high-level steps: • Identify assets and capabilities. • Prioritize assets based on value. • Identify vulnerabilities and prioritize them. • Recommend controls to mitigate serious vulnerabilities.
