Risk Assessment
The information assets that can potentially be impacted by a cyber assault are identified through a cyber security risk assessment (such as hardware, systems, laptops, customer data and intellectual property). The risks that might have an impact on such assets are then identified.
Typically, a risk calculation and appraisal is done, then controls are chosen to address the risks that have been discovered.
To identify any changes in the organization’s context and to keep track of the entire risk management process, it is crucial to continuously monitor and assess the risk environment.