What is Risk Assessment?
Identify and classify the assets that are in scope for the risk assessment. These include hardware, software, people, processes, information, data, etc.
Identify the potential threats to each of these assets.
Evaluate the system and list the potential vulnerabilities that may impact each asset.
List the controls that are currently in place or planned.
Based on the potential threats, possible vulnerabilities and existing controls, determine the likelihood of threat realization against each vulnerability.
Identify the potential impact on the organization and its assets if a vulnerability is exploited.
Rate each identified risk based on its impact on the organization and its likelihood of realization.
Based on the identified risks, recommend appropriate controls to fix the security weaknesses.
Document the identified risks and the control recommendations for implementation and adherence.
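
The steps above can be captured in a small risk register. The following is an added example, not part of the original page: the 1-5 likelihood and impact scales, the score bands, the `Risk`, `rate` and `build_register` names and the sample entries are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: 1-5 ordinal scales and these score bands; the page names no scale.
BANDS = ((15, "High"), (8, "Medium"), (1, "Low"))

@dataclass
class Risk:
    asset: str
    asset_class: str            # hardware, software, people, process, ...
    threat: str
    vulnerability: str
    controls: dict              # control name -> "in place" or "planned"
    likelihood: int             # 1-5, judged with existing controls in mind
    impact: int                 # 1-5
    recommendations: list = field(default_factory=list)

def rate(risk):
    # Reject values outside the assumed scale instead of rating them silently.
    for value in (risk.likelihood, risk.impact):
        if not 1 <= value <= 5:
            raise ValueError(f"{risk.asset}: {value} is outside the 1-5 scale")
    score = risk.likelihood * risk.impact
    return score, next(name for floor, name in BANDS if score >= floor)

def build_register(risks):
    """Documented register, highest risk first, with open gaps per row."""
    rows = []
    for r in risks:
        score, rating = rate(r)
        gaps = []
        if "in place" not in r.controls.values():
            gaps.append("no control in place")
        if rating != "Low" and not r.recommendations:
            gaps.append("no control recommended")
        rows.append({"asset": r.asset, "threat": r.threat, "score": score,
                     "rating": rating, "gaps": gaps})
    return sorted(rows, key=lambda row: row["score"], reverse=True)

# Constructed sample entries, not taken from any real assessment.
SAMPLE = [
    Risk("Help desk staff", "people", "phishing", "no reporting procedure",
         {"mail filtering": "in place"}, 2, 2),
    Risk("Laptop fleet", "hardware", "device theft", "unencrypted disks",
         {"full-disk encryption": "planned"}, 3, 3),
    Risk("Customer database", "data", "unauthorized access", "shared admin account",
         {"network firewall": "in place"}, 4, 5, ["individual admin accounts"]),
]

if __name__ == "__main__":
    print(*build_register(SAMPLE), sep="\n")
```

The `gaps` column shows which rows still need work before the register is complete: a risk with only planned controls, or a Medium or High risk with no recommended control.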