This involves identifying, assessing and prioritizing potential security risks to systems and networks.