Figure 3-2: NIPP Risk Management Framework: Set Security Goals
 ?????From a sector perspective, security goals or their related sup
porting objectives:
 o Define the protective (and, if appropriate, the response or 
recovery) posture that security partners seek to attain; 
o Express this posture in terms of objective metrics and 
the time required to attain it through specific supporting 
objectives;
 o Consider distinct assets, systems, networks, operational 
processes, business environments, and risk management 
approaches; and
 o Vary according to the specific business characteristics and 
security landscape of the affected sector, jurisdiction, or 
locality.It is developed by DHS in collaboration with other secu
rity partners, updated on an ongoing basis, and used to 
support strategic decisionmaking, planning, and resource 
allocation;
 o Enabling DHS, SSAs, and other security partners to deter
mine the best courses of action to reduce potential conse
quences, threats, or vulnerabilities. Some available options 
include encouraging voluntary implementation of focused 
risk management strategies (e.g., through public-private 
partnerships), pursuing economic incentive-related policies 
and programs, and undertaking regulatory action if appro
priate; and 
o Using prioritized information to identify, or create, 
specific protective programs for CI/KR of the highest 
criticality based on risk.The inventory includes basic information on the relation
ships, dependencies, and interdependencies between various 
assets, systems, networks, and functions; on service provid
ers, such as schools and businesses, that may be of relevance??????????????????????????????????????????????????????????????????