This module deals with the conceptual bases of risk analysis and assessment criteria in security of information systems. Various labwork projects put these concepts into practise. The risk analysis of a realistic case study is backed up by appropriate methodology. Protection profiles are drafted in keeping with security of information systems common criteria.