1. See risk analysis. 2. The process of analyzing threats to and vulnerabilities of an information system (IS) and the potential impact the loss of information or capabilities of a system would have on national security. The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures. 3. The process of reviewing the threats to and vulnerabilities of a system to determine the level of risk to which it is exposed. See also: Minimum Standards.