What is a systematic review of security weaknesses in an information system called?

Prepare for the Cyber Security Connect Concepts Test. Engage with flashcards and multiple-choice questions, complete with hints and explanations. Ace your exam!

A systematic review of security weaknesses in an information system is referred to as a Vulnerability Assessment. This process involves identifying, quantifying, and prioritizing vulnerabilities in an information system. The goal is to understand the security posture of the system, recognizing potential weaknesses that could be exploited by attackers.

Conducting a Vulnerability Assessment typically includes methods such as scanning for known vulnerabilities, configuration reviews, and evaluating security controls. The results provide an organization with a comprehensive overview of security weaknesses, which allows for informed decision-making on how to mitigate these vulnerabilities and enhance overall security.

Choices such as a Security Audit and Risk Analysis, while related to security, serve different purposes. A Security Audit focuses on verifying compliance with policies and regulations and on assessing the effectiveness of security controls. A Risk Analysis evaluates risks within the entire organization, considering threats, vulnerabilities, and the potential impact, rather than just cataloging specific weaknesses. Compliance checks are more concerned with adhering to established standards and regulations than with a thorough evaluation of vulnerabilities. Thus, Vulnerability Assessment is the most accurate term for this systematic review.
