Every organization is continuously exposed to an endless number of new or changing threats and vulnerabilities that may affect
its operation or the fulfillment of its objectives. Identification, analysis and evaluation of these threats and vulnerabilities
are the only way to understand and measure the impact of the risk involved and hence to decide on the appropriate measures
and controls to manage them.