A system and method for assessing risks to computer network is provided. The system includes a first module assesses a human factor related to a risk to the computer network. A second module assesses a remediation to the computer network, and a third module is operable to assess a life cycle of an asset on the computer network. A fourth module assesses a type of the asset used by the computer network.