The risk assessment model is decomposed in NIST SP 800-37, Guide for Risk Assessments.
The risk assessment model is designed to identify threat sources and events, identify vulnerabilities and predisposing conditions, determine likelihood of occurrence, determine magnitude of impact and finally determine risk. Some of the devices used to do this are risk register:
Risk Register Template – version a Risk Register Template – version b
The risk assessment model is only one part of the risk management process in DIARMF and other risk management frameworks:
