Specifics of the Risk Management Program

By ascertaining what level of risk is acceptable for an individual system, the accreditation team can determine which countermeasures are necessary to maintain the required level of security over the life cycle of the IS. The formal investigative process involves data collection and analysis (risk analysis) of the system's exposure to risk, using a risk assessment. The risk assessment addresses matters such as the assessment of threats, in-place countermeasures, and the degree of impact following an asset loss or impairment.