Back to Glossary
Governance & ComplianceHigh

Risk Assessment

The process of identifying, analyzing, and evaluating risks to an organization's assets

Content

What is Risk Assessment?

A Risk Assessment helps organizations understand potential security threats and their impact. It informs decision-making on where to invest in controls, tools, or training to reduce risk exposure.

Steps in the Process

  1. Identify assets
  2. Identify threats and vulnerabilities
  3. Assess likelihood and impact
  4. Prioritize risks
  5. Develop a response plan

Best Practices

  • Use standardized frameworks (NIST, ISO)
  • Involve stakeholders across departments
  • Reassess regularly, especially after major changes
  • Tie risks to business objectives
Quick Facts
Severity Level
9/10
Main Goal

Measure and prioritize risks

Key Inputs

Assets, threats, vulnerabilities

Risk Formula

Risk = Likelihood × Impact

Output

Risk register with mitigation plan

Related Terms
Threat Modeling

Visualizing potential attack paths

Business Impact Analysis

Measuring impact of risk on operations

Risk Management

Planning and mitigating identified risks

Learn More
How to Perform a Cyber Risk AssessmentISO 27005 Risk Framework