There are 3 types of security evaluation- risk assessment, vulnerability assessment, and penetration testing. Sameer Jain