What is a Vulnerability Assessment?

Under 23 NYCRR 500 many companies are obligated to conduct “vulnerability assessments” bi-annually (note: this means twice per year, not once every two years!). Vulnerability assessments are aptly named because, well, they are assessments intended to identify cybersecurity vulnerabilities. But cybersecurity jargon is often tossed around and left undefined. In the world of information security,…