Activity
A.6 Analysis of relevant risks
IT Risk Assessment - ICS
Description
Description
Risk analysis is the phase where the level of the risk and its nature are assessed and understood. This information is the first input to decision makers on whether risks need to be treated or not and what is the most appropriate and cost-effective risk treatment methodology.
Risk analysis involves thorough examination of the risk sources, their positive and negative consequences, the likelihood that those consequences may occur and the factors that affect them, assessment of any existing controls or processes that tend to minimize negative risks or enhance positive risks (these controls may derive from a wider set of standards, controls or good practices selected according to a an applicability statement and may also come from previous risk treatment activities).

Organisation
Responsible
Accountable
Input/Output