Produces a risk assessment table to determine the likelihood and impact to an information or technology asset if a vulnerability is exposed to a threat source, assigning a likelihood and impact to determine risk level. Documents the business impact of a vulnerability being breached.