Vulnerabilities are the gateways by which threats manifest. Network vulnerability assessment is a continuous process. It gives continuous service over months or years including intrusion detection, monitoring, components and site assessments. The assessment is on the enterprise's security policies and procedures, the National Institute of Standards and Technology, accepts Principles and Practices for Securing Information Technology Systems. There are two types of assessments, technical and non-technical. Technical assessment is used to unearth component vulnerabilities and ingress component technical security. Another performs on-site security assessment of network’s support structure. Data analysis and reporting is a final step. This constituent puts together information from the site assessment and technical assessment with threat information. Advice on how to extenuate the risks are also given.