Design risk assessment policy that identifies risks
Create a Risk Assessment Policy, which identifies the risks associated with an organization’s infrastructure. A risk assessment template may be downloaded from Sans: http://www.sans.org/resources/policies/#template
The risks must be in accordance with the Top 20 list from SANS/FBI recent survey, which may be found at the following site: http://www.sans.org/top20/
You must evaluate the risks, determine the level of risk to your organization, and decide how to treat the risk (acceptance, avoidance, transferable, reduce the consequence, or reduce the likelihood).