As we conduct more and more business online, the digital world has become a hacker’s paradise. To combat the growing threat of cyber attacks, many companies are hiring chief information security officers (CISOs) whose main responsibility is to make sure data is secure. Recent high-profile data breaches have demonstrated that it is not a role for the faint of heart. “We’re like sheep waiting to be slaughtered,” said David Jordan, the CISO for Arlington County in Virginia. “We all know what our fate is when there’s a significant breach.”

IT research firm Gartner predicts that by 2020, 30 percent of Global 2000 companies will have been directly compromised by independent cyber activists or cyber criminals. In order to protect information assets, CISOs and other security professionals are facing a difficult challenge: they have to keep up with cyber criminals, check off a growing list of compliance boxes, and keep close tabs on the security practices of their partners and employees.

Addressing the sheer volume and evolution of cyber attacks is daunting for even the most security-conscious IT teams. It requires an in-depth understanding of organizational risks and vulnerabilities, as well as current threats and the most effective policies and technologies for addressing them. Only by understanding their risks can organizations target limited security dollars to the technologies and strategies that matter most.

Getting maximum benefit from a vulnerability assessment requires an understanding of your organization’s mission-critical processes and underlying infrastructure, and applying that understanding to the results. To be truly effective, it should include the following steps: