In the aftermath of the 9/11 terrorist attacks, responsible organizations are now even more interested in identifying their specific needs for information system security. This book provides a structured process for assisting any analyst in performing this task.