The primary role of the security officer is to advise senior managemen
t on the optimal deployment of security resources. This is a task of c
onsiderable complexity and it is suggested that the security officer w
ould be assisted by computer tools that provide an effective security
model of the system under consideration, so that the system risks may
be identified and prioritized. The development of such a model, based
upon a risk data repository, is described. It is also suggested that a
countermeasure architecture may be used to relate external threats to
the logical nodes of system platform, and thence to physical and proc
edural realities of the organization. The effort of software developme
nt, data collection, encoding and entry for such a model could well pr
ove to be excessive in terms of the expected benefits. It is therefore
proposed, in this paper, that hypertext be employed to allow pre-exis
ting data to be readily entered in its native form and then manipulate
d by the security officer. This model has been used in a banking envir
onment and the hypertext version has been employed in the study of a c
omputerized university student admission system.