Integral balance between dependent infrastructure services, resources, and capabilities.
Vulnerability assessments and threat information to determining the risk of assets. (i.e. the expected consequences of specific types of attacks on specific assets)
Use risk assessments to prioritize subsequent additional protection activities.
Understand models/methodologies developed to determine the cost-effective allocation of resources to reduce risks.
