Information Assurance Assessment and Evaluation Project Paper Outline Introduction An information security risk assessment will focus on the effectiveness of an entity being accessed Scarfone Souppaya Cody Orebaugh 2008 The thesis statement is An effective risk assessment is done by following the appropriate methods and procedures which entails that organizations need to manage risk effectively to achieve business and strategic objectives and an effective risk assessment is done through technical testing risk management evaluations information assurance governance and the security metrics relating to information systems The information security risk assessment consists of a risk analysis that identifies sources and estimates risk using a risk evaluation A risk evaluation compares the estimated risk against certain criteria to determine its relevance Wangen 2017 Information security risk management aims to protect a company's information which can range from security threats through using effective and cost efficient methods Webb Maynard Ahmad Shanks 2016 The objectives of risk management involve security threats in determining information of risk assessments of security threats according to impact and probability of occurrence determining risk mitigation according to level of preparedness involving information security threats and determining the extent of occurrence and impact of security threats as it relates to preparedness