Which term describes the ongoing process of checking systems for known vulnerabilities to satisfy regulatory compliance?

Multiple Choice

Explanation:
Regular vulnerability management is about continuously identifying known weaknesses in systems so organizations can remediate and meet regulatory requirements. Vulnerability scanning automates this ongoing process, periodically scanning assets to detect missing patches, misconfigurations, and outdated software using up-to-date vulnerability databases. This repeatable assessment is what regulatory programs expect to confirm that security controls are maintained and risks are being addressed. The other terms describe different activities: threat modeling focuses on planning for potential threats during design, penetration testing involves actively attempting to exploit defenses to verify their effectiveness, and incident response handles the detection, analysis, containment, and recovery after a security incident.
