9.4. Evaluate the Impact of Threats to Critical Assets
This activity builds upon the first two. You use the evaluation criteria that you created previously to evaluate the impact descriptions that you developed earlier during the first activity of process 7. By doing this, you are able to estimate the impact on the organization for each threat to a critical asset. The ultimate result is that you can now establish priorities to guide your risk mitigation activities during process 8.
Step 1: Review Information
Before you evaluate your risks, you need to review the information gathered so far from earlier processes. Specifically, we suggest that you look at the evaluation criteria and the following for each critical asset: