Why vulnerability assessment should be an integral part of an IT system