Mistakes in a security policy may increase the chance of vulnerabilities. Some policy weaknesses are as follows:

• Lack of security policy: If a particular issue has not been addressed during creation, a security policy can allow hackers to attack.
• Policy weakness for hardware and software installation: Installing unapproved or unlicensed third-party software and making unapproved changes in the network topology can allow an attacker to exploit the network.

Understanding vulnerabilities and taking the proper action to protect them are very important steps in mitigating threats to an organization. A vulnerability in the network may occur due to the following reasons:

• A weakness in the network/system
• Flaws in the policy
• Misconfigurations
• Weaknesses in the protocol
•  Physical access to network resources
• Human mistakes
• Malicious software

There are some tools that help administrators perform an analysis:

• Common Vulnerabilities and Exposures (CVE): This is a very famous database that provides some of the most common identifiers used to enable the exchange of data between different security products and also helps to evaluate the tools and services of an organization.
• National Vulnerability Database (NVD): This US government database contains several standards of vulnerability management. The NVD also provides vulnerability management, security measurement, and compliance. This contains the checklist of security principles, a list of software weaknesses, and so on.