Abstract
Determining the exact requirements for security for a given organization is essential for implementing the proper security measures. Such measures are designed to protect information systems from security breaches. The Internet and computer networking requires a new security measures and policies to reduce the threats and challenges inherent from these new technologies and software applications and network devices. The information security attacks of an organization’s assets have high dollar impact, loss of customer confidence, and negative business reputation. An organization must analyze its assets and the threats these assets face from either inside attacks or outside attacks. This paper presents a security assessment method which is designed to enable the organization to reduce security threats by deploying the most proper security measures, countermeasures, and policies.