A method, programmed digital computer and computer program product for assessing and managing security risks in an iterative fashion are provided. The invention is adaptable for use with any system with security targets that are accessible to a security threat. The invention is applicable to all systems with physical, electronic and virtual targets that can be accessed by a threat, thus creating a risk to the system, e.g., systems surrounding hospitals, blood banks, mass transit operations, power production and transmission facilities, communication systems, internet service providers, email and web hosting service providers, electronic commerce, financial institutions and school district lunch programs. Under the invention, if a security threat can access a security target within a system, then a risk to the system is present. The invention provides an iterative process by which the system may be analyzed as an undivided whole or may, alternatively, be divided into discrete sections where all known security targets are identified within each section. All threats to each individual target are then identified, and it is determined whether each threat has access to the associated target. If access is present, a qualitative or quantitative risk level is assigned. Then, appropriate countermeasures are considered and, where appropriate, implemented if the risk level is unacceptably high. A second inquiry is made regarding whether the particular threat has access to its identified target, considering the implemented countermeasure(s), and a second risk level assignment is performed. If the risk level remains high, the process is repeated until the risk level for the subject target is acceptably low. All remaining targets are secured in this manner.
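
The iterative loop described above, sketched as an added Python example; it is not code from the abstract or from any implementation of the invention. The access-route model, the qualitative risk scale, the "acceptable" threshold and every sample name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}  # assumed qualitative scale

@dataclass
class Threat:
    name: str
    paths: set   # assumed model: routes by which the threat can reach the target
    level: str   # risk level assigned while any route stays open

@dataclass
class Countermeasure:
    name: str
    blocks: set  # routes this countermeasure closes

@dataclass
class Target:
    name: str
    threats: list
    applied: list = field(default_factory=list)

def open_paths(threat, target):
    closed = set().union(*(c.blocks for c in target.applied))
    return threat.paths - closed

def risk_level(threat, target):
    # A risk exists only while the threat still has access to the target.
    return threat.level if open_paths(threat, target) else "none"

def secure_target(target, catalogue, acceptable="low"):
    """Repeat access check -> risk level -> countermeasure until acceptable."""
    history = []
    for threat in target.threats:
        while True:
            level = risk_level(threat, target)
            history.append((threat.name, level, len(target.applied)))
            if LEVELS[level] <= LEVELS[acceptable]:
                break
            remaining = open_paths(threat, target)
            pick = next((c for c in catalogue
                         if c not in target.applied and c.blocks & remaining), None)
            if pick is None:  # nothing left to apply: stop instead of looping forever
                raise RuntimeError(f"{threat.name} -> {target.name}: risk stays {level}")
            target.applied.append(pick)
    return history

# Constructed sample system divided into sections (all names are illustrative).
CATALOGUE = [Countermeasure("door lock", {"door"}), Countermeasure("window bars", {"window"}),
             Countermeasure("badge audit", {"badge"})]
SYSTEM = {"blood bank storage": [Target("cold room", [
    Threat("intruder", {"door", "window"}, "high"), Threat("insider", {"badge"}, "medium")])]}

def assess(system, catalogue):
    return {t.name: secure_target(t, catalogue) for ts in system.values() for t in ts}
```

Each history entry records the threat, the risk level assigned on that pass and the number of countermeasures in place, so the second and later assignments after each countermeasure are visible as separate rows.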