Which concept best describes the core components used in IDRMP risk assessment?

In IDRMP risk assessment, you gauge risk by looking at how important an asset is (criticality), who or what could threaten it (threat analysis), and where its weaknesses lie (vulnerabilities). These three elements together reveal where the greatest risks lie and where to focus defenses and resources. Budget, schedule, and performance are managerial metrics and don’t describe the risk factors used to evaluate assets. Personnel fitness and medical readiness relate to mission capability but don’t capture the risk dynamics of assets. Public opinion and media coverage can influence operations, but they aren’t the factors used to assess risk to assets. So, criticality, threat analysis, and vulnerabilities best describe the essential elements used in IDRMP risk assessment.