The process of identifying risks, then analyzing and evaluating them by their likelihood and impact to decide which need treatment.
Risk assessment is the heart of every risk-based management system. It identifies what could go wrong, analyzes how likely each scenario is and how severe its impact would be, and evaluates the result against the organization's risk criteria.
The output is a prioritized view of risk that drives risk treatment decisions. ISO/IEC 27001 and ISO 31000 both require a defined, repeatable assessment method so that results are consistent over time.
KaitoSec