Chapter 12 – Post-Evaluation Analysis

The INFOSEC Evaluation Methodology (IEM) process is the culmination of many activities that result in security findings and recommendations reflecting the overall business mission, the desired security posture, and the risk to the company. The variety of tools used during the evaluation produces raw data in diverse formats, so the evaluation data must be organized in a way that makes sense to the person analyzing it before it can be turned into usable information. The final deliverable depends on how the complex raw data collected during the onsite activities is broken down into its most basic elements and relationships, and on how that data is analyzed through the process of categorizing, consolidating, correlating, and consulting to develop practical and effective solutions for the customer. This chapter discusses how to determine risk by fully understanding the impact of a finding: not only examining the security vulnerability itself, but also combining the threat likelihood, the value of the asset, and the criticality of the finding, so that the IEM process delivers real business value. The chapter also explains how to conduct additional research to formulate remedial recommendations that give the customer practical immediate and long-term steps to eliminate identified risks and to meet business goals.
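The consolidation and risk-determination steps described above, as an added example that is not code from the book or from the IEM itself. It parses constructed output from two hypothetical scanners in different formats, consolidates duplicate findings by host, port and title, and rates each consolidated finding by combining threat likelihood, asset value and criticality. The 1..3 scales, the severity mapping, the "two independent tools raise the likelihood" rule and the Low/Medium/High thresholds are all assumptions chosen for illustration, not the IEM's own scoring model.

```python
"""Added example: consolidate raw findings from two tool formats and rate risk.

Illustrative code only; the scales, weights and thresholds below are assumptions
and do not represent the IEM's own formula.
"""
import csv
import io
import json

# Constructed sample output from a hypothetical scanner that emits CSV.
SCANNER_A = """\
host,port,finding,severity
10.0.0.5,22,SSH weak ciphers enabled,medium
10.0.0.5,443,TLS 1.0 enabled,high
10.0.0.9,445,SMB signing not required,medium
"""

# Constructed sample output from a hypothetical scanner that emits JSON.
SCANNER_B = json.dumps([
    {"ip": "10.0.0.5", "svc": 443, "title": "TLS 1.0 enabled", "risk": 3},
    {"ip": "10.0.0.9", "svc": 445, "title": "SMB signing not required", "risk": 2},
    {"ip": "10.0.0.9", "svc": 3389, "title": "RDP without NLA", "risk": 3},
])

# Assumed asset-value ratings supplied by the customer (1 = low, 3 = high).
ASSET_VALUE = {"10.0.0.5": 3, "10.0.0.9": 1}

# Assumed mapping of one tool's severity labels onto a common 1..3 criticality.
SEVERITY_MAP = {"low": 1, "medium": 2, "high": 3}


def parse_scanner_a(text):
    """Normalize the CSV tool output into the common finding record."""
    out = []
    for rec in csv.DictReader(io.StringIO(text)):
        out.append({"host": rec["host"], "port": int(rec["port"]),
                    "finding": rec["finding"],
                    "criticality": SEVERITY_MAP[rec["severity"].lower()],
                    "source": "scanner_a"})
    return out


def parse_scanner_b(text):
    """Normalize the JSON tool output into the same common record."""
    out = []
    for rec in json.loads(text):
        out.append({"host": rec["ip"], "port": int(rec["svc"]),
                    "finding": rec["title"], "criticality": int(rec["risk"]),
                    "source": "scanner_b"})
    return out


def consolidate(findings):
    """Merge records that describe the same finding on the same host and port,
    keeping the highest criticality and remembering which tools reported it."""
    merged = {}
    for f in findings:
        key = (f["host"], f["port"], f["finding"].lower())
        if key not in merged:
            merged[key] = {"host": f["host"], "port": f["port"],
                           "finding": f["finding"],
                           "criticality": f["criticality"],
                           "sources": {f["source"]}}
        else:
            m = merged[key]
            m["criticality"] = max(m["criticality"], f["criticality"])
            m["sources"].add(f["source"])
    return list(merged.values())


def likelihood(entry):
    """Assumption: a finding confirmed independently by more than one tool is
    rated more likely to be real (2 of 3) than a single-tool hit (1 of 3)."""
    return 2 if len(entry["sources"]) > 1 else 1


def score(entry, asset_value):
    """Assumed model: likelihood x asset value x criticality (each 1..3),
    giving 1..27, bucketed into Low/Medium/High for the report."""
    s = likelihood(entry) * asset_value[entry["host"]] * entry["criticality"]
    rating = "High" if s >= 12 else "Medium" if s >= 6 else "Low"
    return s, rating


def analyze(a_text, b_text, asset_value):
    """Run the full categorize -> consolidate -> correlate pipeline and return
    the findings sorted by descending risk score."""
    entries = consolidate(parse_scanner_a(a_text) + parse_scanner_b(b_text))
    report = []
    for e in entries:
        s, r = score(e, asset_value)
        report.append({**e, "sources": sorted(e["sources"]),
                       "score": s, "rating": r})
    report.sort(key=lambda x: (-x["score"], x["host"], x["port"]))
    return report


if __name__ == "__main__":
    for row in analyze(SCANNER_A, SCANNER_B, ASSET_VALUE):
        print(f'{row["rating"]:6} {row["score"]:2}  {row["host"]}:{row["port"]}  '
              f'{row["finding"]}  (reported by {", ".join(row["sources"])})')
```

The point of the example is the ordering the combined model produces: the TLS finding on the high-value host, confirmed by both tools, rises to the top, while an equally critical RDP finding on a low-value host reported by only one tool lands at the bottom. That is the difference between reporting raw scanner severity and reporting risk to the business.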