Companies often conduct a security vulnerability assessment when they come to the realization that they are not where they need to be when it comes to securing their computer network and/or technology resources. Typically, the vulnerability assessment results in a prioritized list of found vulnerabilities and the methods that the business needs to use in order to remediate them. But just how do you go about coming up with that list?