Security Quality Vulnerability Assessment Detecting and assessing vulnerabilities in a constituent’s IT infrastructure Penetration Testing Attempting to gain access to the constituent IT infrastructure by exploiting detected vulnerabilities