Activity
A.5 Identification of risks
Risk Assessment
Description
This is the phase in which threats, vulnerabilities and the associated risks are identified. The process has to be systematic and comprehensive enough to ensure that no risk is unwittingly excluded. It is very important that during this stage all risks are identified and recorded, even if some of them are already known and likely controlled by the organization.
Organisation
Responsible
Risk Manager
Accountable
Risk Manager
Consulted
Domain Expert
Internal Audit
Risk Owner
Informed
Senior Management
Input/Output
Input data
D18 Impact statements
D19 Historical information
D17 Risk id methodology
D20 Assessment tools
Output data
D27 Disregarded threats just.
D26 Likelihood data
D25 Identification method doc.
D24 Values
D22 Relevant vulnerabilities
D23 Relevant impacts
D21 Relevant threats