Activity
A.6 Analysis of relevant risks
Risk Assessment
Description
Risk analysis is the phase where the level of the risk and its nature are assessed and understood. This information is the first input for decision makers on whether risks need to be treated and, if so, which risk treatment methodology is the most appropriate and cost-effective.
Risk analysis involves a thorough examination of the risk sources, their positive and negative consequences, the likelihood that those consequences may occur, and the factors that affect them. It also involves assessing any existing controls or processes that tend to minimize negative risks or enhance positive risks. These controls may derive from a wider set of standards, controls or good practices selected according to an applicability statement, and may also come from previous risk treatment activities.

Organisation
Responsible
Risk Manager
Accountable
Risk Manager
Consulted
Risk Owner
Internal Audit
Domain Expert
Informed
Senior Management
Input/Output
Input data
D22 Relevant vulnerabilities
D65 Risk limits
D63 Asset class. scheme
D27 Disregarded threats just.
D25 Identification method doc.
D21 Relevant threats
D26 Likelihood data
D66 Existing controls
D23 Relevant impacts
D64 Relevant detailed assets
D24 Values
Output data
D70 Impacts relative to assets
D68 Threats relative to assets
D67 Classified assets
D69 Controls relative to assets
D71 Risks relative to assets
D72 Risks relative to asset groups