Assessing security risk is the initial step to evaluate and identify risks and consequences associated with vulnerabilities, and to provide a basis for management to establish a cost-effective security program. Based on the assessment results, appropriate security protection and safeguards should be implemented to maintain a secure protection framework.  This includes developing new security requirements, revising existing security policies and guidelines, assigning security responsibilities and implementing technical security protections.