What is Risk analysis and what are the major steps in Risk analysis process?
Risk analysis is one of the core components of risk assessment in an organization and involves a systematic review of the identified risks for the impact or likelihood (probability). The likelihood of risk describes the probability that an incident or event will occur in the organization. Whereas impact or consequence of risk defines how disastrous the security incidents or events would be if it were to occur. And risk analysis begins with a vulnerability assessment and threat analysis. Furthermore, risk assessment is focused on evaluating the likelihood or probability of identified security threats exploiting vulnerabilities in the organization and determining the consequence to organizational assets if the risk materializes.
The likelihood of risk can be identified by evaluating each security threat and assessing the probability that the threats might actually exploit a vulnerability of information systems of the organization. The impact of risk can be identified by establishing the value associated with each potentially affected organizational assets and determining how that value will be destroyed or affected by the security incident or event. Moreover, the value of the assets to the organization may be described and analyzed quantitatively and qualitatively. Besides, the quantitative value of the asset is determined by its cost or market value while the qualitative value of each asset is usually determined by its relative importance to the organization.
Major steps or processes in risk analysis endeavors include the following:
- Perform a risk assessment survey
- Identify the risks
- Analyze the identified risks
- Develop a risk management plan
- Implement the risk management plan
- Continuously Monitor and control the risks status