Understand your organisation's technical vulnerabilities.
Technical Vulnerability assessment covers a broad range of activities which are intended to determine the degree to which an organisation, system, or information asset is exposed to potential compromise, the impact of such a compromise, and the likelihood of it occurring, through primarily technical means.
Technical vulnerability assessment feeds into risk management by providing objective information that can be used to determine organisational impact, and absolute risk level.
Similarly, it is not a replacement for penetration testing, but could be considered as more of a supportive or adjunctive service; providing additional information to better scope or interpret the results from penetration testing activities.
There are different types of technical vulnerability assessment activity, and a wide range of approaches that can be taken. These should be driven primarily by internal risk management and security strategy.