In information technology, the term vulnerability management describes the process of identifying and preventing potential threats due to vulnerabilities, which compromise the integrity of systems, interfaces and data. Various organisations divide the management process into different steps and the process components identified may vary. Regardless of this variation, however, these steps generally include the following: policy definition, environment definition, prioritisation, action and supervision.
Policy definition refers to defining the levels of security required for systems and data throughout the organisation. After establishing these security levels, the organisation must then determine the levels of access and control of both systems and data, carefully mapping these levels to organisational needs and hierarchy. Next, an accurate assessment of the security environment based on the established policies is critical for effective vulnerability management. This involves verifying the state of security, accurately assessing it, and identifying and monitoring instances of policy violations.