A process of identifying security vulnerabilities in systems, quantifying and analyzing them, and remediating those vulnerabilities based on predefined risks. Assessments are an essential part of a holistic security program and is cited by many industry standards and compliance regulations.