I want to know about the recent risk assessment framework/approach, models & risk assessment metrices is need to be developed for software / information security in multiuser enviornment. What should be latest approach of risk assessment.