What type of assessment measures vulnerabilities in IT systems?

A Vulnerability Assessment specifically aims to identify, quantify, and prioritize vulnerabilities within IT systems, making it the most suitable choice. This process involves scanning systems for weaknesses, assessing security configurations, and determining potential entry points for unauthorized access or attacks. By identifying these vulnerabilities, credit unions and other organizations can implement appropriate controls and remediation strategies to strengthen their security posture and reduce the risk of exploitation.

Risk Assessments, while important, focus more broadly on evaluating the overall risk landscape, including assets, threats, and vulnerabilities, rather than specifically measuring vulnerabilities alone. Social Engineering pertains to tactics used by attackers to manipulate individuals into disclosing confidential information and is not an assessment method for evaluating IT system vulnerabilities. Compliance Evaluations, on the other hand, review whether systems adhere to regulatory requirements and standards but do not specifically measure vulnerabilities themselves. Thus, the focus on identifying and assessing vulnerabilities makes the Vulnerability Assessment the correct answer.