Information security assessments aimed at determining risk exposure, determining the possible impacts and frequencies with which the information assets could be affected and based on the severity and risk analysis develop appropriate countermeasures and mitigation.