The process of identifying, assessing, and mitigating vulnerabilities in an organization's IT systems.