National Bureau of Standards, Automatic Data Processing Risk Assessment (NBSIR 77-1228) (Mar. 1977).
Risk analysis produces annual loss expectancy values based on costs and potential losses estimated by a management-appointed team from within the organization using and maintaining the ADP facility. The annual loss expectancy values are fundamental to the cost-effective selection of safeguards for the security of the facility. For the purpose of clarity, the ADP facility of a hypothetical Federal agency is used as an example. The characteristics and attributes which must be known in order to perform a risk analysis are described and the process of analyzing some of the assets is demonstrated, showing how the problem of risk analysis can be reduced to manageable proportions.