A zero-day vulnerability is a security flaw for which no vendor patch exists at the time of discovery or exploitation. The term refers to the zero days the vendor has had available for remediation. Zero-day exploits are particularly dangerous because conventional signature-based detection fails: no signature exists yet for an attack that has not been seen before. In an information security management system (ISMS), zero-day risk is addressed through defense-in-depth strategies: network segmentation, behavioral analysis, the principle of least privilege, and rapid patching once fixes become available.