Security Risk Assessment

Definition

Security risk assessment is the security engineering task during which the security risks an endeavor or work product are assessed.

Objectives

The typical objectives of security risk assessment are:

• Assess the current and potential threats to security.

Preconditions

The security risk assessment task typically may begin when the following preconditions hold:

• The security team is adequately staffed and trained in security threat prevention.

Completion Criteria

The security risk assessment task is typically complete when the following postconditions hold:

• All appropriate security threat prevention measures have been taken.

Steps

The security risk assessment task typically involves performing the following steps:

• TBD

Techniques

The security risk assessment task is typically performed using the following techniques:

• TBD

Work Products

The security risk assessment task typically results in the production of the following work products:

• Security Risk Assessment

Guidelines

• The security risk assessment task should be performed at the beginning of an endeavor and regularly thereafter.
• When security risk assessment is repeated, then either a previous security risk assessment document may be updated or a new document produced.