Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses. [1]