Identification should include assessing the vulnerability with security tools, including