A systematic evaluation of an IT environment to identify, classify, and prioritise security weaknesses, forming the basis of a proactive cyber risk management strategy.