Risk Assessment

Audio transcript

The Risk Assessment evaluates and documents these identified risks.

The various threats are measured and quantified to determine the level of the risk and the amount of harm to the system and its data that would occur if the threat were realized. This assessment matches the threats to the system's vulnerabilities.

Next, the assessment of the risk is documented in a Decision Support Package in accordance with existing regulations, policies, and requirements for the organization.

The result of the Risk Decision is a recommendation: either to approve the system with the existing level of residual risk or, if the level of residual risk is too high, not to approve the system.

