Vulnerability Scanning

This document provides the CIO with a technology assessment of vulnerability scanning, so that the CIO has the information needed to make the best decision regarding this technology. It gives a brief overview of vulnerability scanning, its many forms, the types of scanners available, the advantages and disadvantages, and the costs involved.

Introduction

Vulnerability scanning is an automated process conducted by an organization's IT staff to identify any vulnerabilities that information systems may possess, and its results are used to help "secure their network" (Bradley). It is also used by hackers who are conducting reconnaissance on an organization's network to find any vulnerabilities they could exploit. The next few pages provide information about vulnerabilities, the different forms of vulnerability scanning, the different types, pros and cons, and costs.

Vulnerabilities

Vulnerabilities occur when there is corrupted code or misconfigured hardware on a network. This is why it is important for an organization to have an effective vulnerability assessment plan that includes regular network scans and annual penetration tests. These scans are very important to prevent hackers from "using these flaws to gain access to your machines" (Houghton, 2003). An excellent source of "Summaries, Technical Details, Remediation Information, and Lists of Affected Vendors" (US-CERT) is the Vulnerability Notes Database. Please see Appendix B for current threats.

What are the forms of vulnerability scanning?

Just like any other security tool or software out there, there are many different forms of vulnerabilities…

…middle of paper…

…infosec.gov.hk/english/technical/files/vulnerability.pdf

Houghton, K. (2003). Vulnerabilities and vulnerability scanning. Retrieved from https://www.sans.org/reading-room/whitepapers/threats/vulnerabilities-vulnerability-scanning-1195

NWN Corporation (n.d.). Vulnerability scanning. Retrieved November 12, 2013, from http://www.nwnstar.com/NWN_STAR/Vulnerability_Scanning.html

Orrill, J. (n.d.). What is the difference between active and passive vulnerability scanners? | Chron.com. Retrieved from http://smallbusiness.chron.com/difference-between-active-passive-vulnerability-scanners-34805.html

Secure State (n.d.). External vulnerability scans. Retrieved November 12, 2013, from http://www.securestate.com/Services/Risk%20Management/Pages/External-Vulnerablity-Scans.aspx

US-CERT (n.d.). Notes on the vulnerability. Retrieved November 12, 2013, from http://www.kb.cert.org/vuls/