What is a Risk Assessment?
A cyber security risk assessment identifies the information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data and intellectual property). It then identifies the risks that could affect those assets.
Risk estimation and evaluation are usually performed next, followed by the selection of controls to treat the identified risks.
It is essential to continually monitor and review the risk environment to detect any changes in the context of the organization, and to maintain an overview of the complete risk management process.