- Risk Determination quantify the probability of attack, it’s impact, and the adequacy of current or planned controls.
- Control recommendations considers the effectiveness, performance impacts, safety and reliability of control options.
- Likelihood determination considers the capability and motivation of threat sources in terms of vulnerability.
- Results documentation presents the threat and vulnerability pairings with associated cost-benefit data.
- Impact Analysis quantifies or rates potential losses to integrity, availability and confidentiality of relevant data.