The risk management process is an organized, analytical process used to assess the threats and vulnerabilities of an information system and identify the potential impact that the loss of information or capabilities of the system would have on national security and mission performance.