- IT Support
How to Choose the Right IT Support Provider for Your Business
15 Jan, 2026
GuideCyber Essentials PlusPDF · 3.7 MB
Vulnerability Assessment Guide for SMEs
Practical guide to understanding vulnerability scanning, interpreting CVSS scores, prioritising remediation, and meeting Cyber Essentials Plus scanning requirements.
About This Resource
Vulnerability scanning is a critical component of the Cyber Essentials Plus examination — and a fundamental security practice that every business should perform regularly. This guide explains what vulnerability scanning is, how it differs from penetration testing, what common vulnerabilities are typically found in SME environments, and how to interpret and prioritise scan results using the CVSS scoring system. It also covers recommended scanning tools, frequency best practices, and specifically how vulnerability assessment relates to Cyber Essentials Plus certification requirements.
What's Included
- What is vulnerability scanning: definition, internal vs external, scanning vs pen testing
- Common SME vulnerabilities: outdated software, weak passwords, missing patches, open ports
- CVSS scoring explained: how to interpret Critical, High, Medium, and Low severity ratings
- Remediation prioritisation: a practical framework for fixing vulnerabilities in the right order
- Tools and frequency: recommended scanners and how often to run assessments
- CE+ requirements: what assessors look for in vulnerability scanning results
Who Is This For?
IT managers, security teams, and business owners who need to understand vulnerability scanning fundamentals and how it relates to Cyber Essentials Plus certification.