APHA97: What?

Need to do formal assessment:

1. Identify the information assets that need protecting
2. Describe the architecture of the information system to be deployed
3. Identify and rank the threats to those information assets based on the architecture
4. Identify the most serious threats and develop solutions to mitigate the threats as much as possible
5. Make specific recommendations of solutions for deployment