• Further understand the security situation of the organizational information system, by means of this information security risk evaluation.
• Determine the objects that require security protection in the organization and the priority sequence of protected objects, by the identification of information assets.
• Determine the information security threats faced by the organizational information system, by means of threat views, based on threat identification.
• Get to know the statistics and distribution of vulnerabilities in the current information system, by means of vulnerability identification.
• Clearly describe the current security system and missing security control measures, by means of the identification and confirmation of the existing security control measures.