The process of identifying vulnerabilities in a plan, system or organization, often by simulating an attack.