This master’s thesis describes how two models from the Swedish Armed Forces; the risk management model and the IT lifecycle model can be combined. An example is then presented for how the risk management model can be extended for threats, risks, and vulnerabilities related to information technology. The combination and extension of the models are based on a literature study that lists and compares models and methods for threat, risk, andvulnerability analyses, as well as an analysis of threats related to information technology. From the combined and extended model, a design proposal for how to implement the identified functionality was identified. Based on an evaluation that showed that the program NTE and the plugin EASTER were suitable as the foundation for this implementation, the program NTE and the plugin EASTER were extended with further functionality and resulted in the implementation of the plugin ASCENSION. This was evaluated and resulted in ideas for a possible re-design and examples of the future potential of ASCENSION.