Oct 20 2014

NIST SP 800-30

Risk Assessment Steps

  1. System Characterization
  2. Threat Identification
  3. Vulnerability Identification
  4. Control Analysis
  5. Likelihood Determination
  6. Impact Analysis
  7. Risk Determination
  8. Control Recommendations
  9. Results Documentation