Risk analysis is the phase where the level of the risk and its nature are assessed and understood. This information is the
first input to decision makers on whether risks need to be treated or not and what is the most appropriate and cost-effective
risk treatment methodology. Risk analysis involves thorough examination of the risk sources, their positive and negative consequences, the likelihood
that those consequences may occur and the factors that affect them, assessment of any existing controls or processes that
tend to minimize negative risks or enhance positive risks (these controls may derive from a wider set of standards, controls
or good practices selected according to a an applicability statement and may also come from previous risk treatment activities).
D70 Impacts relative to assets D68 Threats relative to assets D67 Classified assets D69 Controls relative to assets D71 Risks relative to assets D72 Risks relative to asset groups