Expresso® Risk Assessments

ExpressoRExpresso ® Risk Assessments are the process by which an Organization identifies: Expresso

(1) Threats to the Organization (i.e. to its Operations, Assets, or Individuals);

(2) Vulnerabilities internal and external to the Organization;

(3) The harm (i.e. adverse Impact) that may occur given the potential for Threats exploiting Vulnerabilities; 

(4) The Overall Risk associated with a specific Threat, Vulnerability, and Impact combination; and

(5) Expresso® also provides model Risk Remediation documentation (a.k.a. Visible Demonstrable Evidence of Compliance) associated with High-Risks.


Expresso's® Opening Screen Looks as Follows

All Expresso® options can be accessed from this screen depending on the security level that the logged in User possesses. Some Add-on features are not depicted below.


Expresso® embodies the NIST seven (7) step process (“Methodology”) for performing a Risk Assessment. Expresso® does for Risk Assessments what QuickBooks Online (“QBO”) did for accounting. 

NIST Process