The aim of this document is to provide a simplified and comprehensive view of risk management/risk
assessment for use within small and medium sized enterprises (SMEs). To achieve this goal, the
present document has been structured in a modular way. It is made up of various parts each devoted
to particular needs of stakeholders involved in the process of risk assessment and risk management.
The philosophy behind the generation of this material was to shield (non-expert) users from the
complexity of risk management and risk assessment activities. In doing so, some complex security
matters have been simplified to the minimum needed to achieve an acceptable security level.