The Process
task requirements
Conducting the Risk Assessment
Identify Threat Sources
Identify Threat Events
Identify Vulnerabilities and Predisposing Conditions
Determine Likelihood
Determine Impact
Determine Risk
Communicate and Share Risk Assessment Information
Maintain the Risk Assessment  Effort
Create a Risk
Assessment Report
Contact Us
IT Security Risk Management (ITSRM)
Conduct the Risk Assessment Process
Identify threat sources that are relevant to organizations;
Identify threat events that could be produced by those sources;
Identify vulnerabilities within organizations that could be exploited by threat sources through specific threat events and the predisposing conditions that could affect successful exploitation;
Determine the likelihood that the identified threat sources would initiate specific threat events and the likelihood that the threat events would be successful;
Determine the adverse impacts to organizational operations and assets, individuals, other organizations, and the Nation resulting from the exploitation of vulnerabilities by threat sources (through specific threat events); and
Determine information security risks as a combination of likelihood of threat exploitation of vulnerabilities and the impact of such exploitation, including any uncertainties associated with the risk determinations.
Security Begins and Ends with You!

  Why You Need Our Product    |    Where Our Product Fits   |   PURCHASE PRODUCT