Back to Security Pattern Catalog

Risk Determination

Classification Key : Security Pattern Space


The appropriate security plan is identified by assessing the security needs of the assets. How can realistic enterprise security needs be explicitly identified?


Make a list of the business assets. Classify them and identify the types of protection needed. This activity is typically performed by an enterprise architect or strategic planner. 1. Identification of Business Assets of the Enterprise 2. Identification of Business Drivers that influence security protection needs of assets. 3. Determination of relationship between Assets and Business Drivers. 4. Identification of Security Needs. 5. Creation of Security Association between Assets and Security Needs.

Known Uses

NIST 800-30 uses a 3x3 matrix for risk determinations.

Related Patterns

Security Needs Identification for Enterprise Assets


Wiley Book


Risk, Threat


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz