The learning unit deals with the vulnerabilities that affects now systems and organizations. The learner will than know how to relate vulnerability and risks/attacks, considering both technological and human factors, and how to execute a vulnerability assessment and a penetration test. The learning unit aims also to illustrate the changing paradigms of attack from an approach aimed primarily looking for flaws in the technology to one which instead relies on the human factor to undermine the company's perimeter defences. More generally, it addressed the issue of availability of "social" information for attacks supported by techniques of social engineering.