Pick an asset such as specific software, hardware component or a network protocol and apply the NIST SP800-30 framework by going through the following steps:
a. Data collection: Creation of asset survey profile, control survey profile and threat vulnerability matrix for the asset.
b. Data analysis: Impact, control and Likelihood analysis, risk score calculation.
c. Risk classification and threat vulnerability pair ranking for the asset.
d. Report generation: Use the format described in the previous PPT.