Information Systems Security Engineering Professional (ISSEP)
2.1.1 Establish risk context
2.1.2 Identify system security risks
2.1.3 Perform risk analysis
2.1.4 Perform risk evaluation
2.1.5 Recommend risk treatment options
2.2.1 Confirm operational risk appetite
2.2.2 Identify remediation needs and other system changes
2.2.3 Propose remediation for unaccepted security risks
2.2.4 Assess proposed remediation or change activities
2.2.5 Participate in implementation of the remediation or change
2.2.6 Perform verification and validation activities relative to the requirements impacted
2.2.7 Update risk assessment documentation to account for the impact of the remediation or change