The identification of vulnerabilities in systems, software or networks, and creating a plan of action to address them.