A vulnerability is a weakness in a system, application, process, or organisation that can be exploited by a threat. Technical vulnerabilities include missing patches, insecure configurations, and coding errors. Organisational vulnerabilities encompass missing training, unclear responsibilities, and gaps in processes. In your ISMS you identify vulnerabilities during risk identification and record them in the vulnerability register. The Cenedril ISMS wizard automatically links vulnerabilities with threats and assets to form risk scenarios.