*4.1.4 Evaluation of vulnerability*

This is called mitigation or risk assessment. This step addresses identified threats with a focus on high-risk threats. Risk evaluations are related to asset inventories through threat intelligence. These resources are required to help security teams think about their systems' current state and develop vulnerability management strategies. Active device and solution monitoring can also provide risk evaluations. Penetration testing are, for example, effective in checking protection measures. This is to reduce severity.
