Identifying, assessing, and prioritizing security risks and developing strategies to mitigate those risks.