• Sign in
  • Get Started
HomeCompliance GlossaryWhat is a Risk Assessment?

What is a Risk Assessment?

A cyber security risk assessment identifies the information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data and intellectual property). It then identifies the risks that could affect those assets.


A risk estimation and evaluation are usually performed, followed by the selection of controls to treat the identified risks.


It is essential to continually monitor and review the risk environment to detect any changes in the context of the organization, and to maintain an overview of the complete risk management process.

Join the Thousands of Companies that Trust Drata

See All Case Studies
Wiz logo 2
Airbase
TaskRabbit Logo
BambooHR Logo
Clearbit Logo
Superhuman
Alteryx logo
Lemonade Logo
Notion Logo
Vercel Logo
Wordpress VIP
Calendly Logo

View Drata Glossary

Learn more about other compliance and cybersecurity concepts in our glossary.

Read More

Solutions

StartupMid-MarketEnterpriseDrata PlatformIntegrations
Frameworks
SOC 2ISO 27001HIPAAGDPRNIST AI Risk ManagementFedRAMPNIS 2Custom FrameworksAll Frameworks
Resources
BlogEventsWebinarsReportsSOC 2 HubISO 27001 HubProduct UpdatesCompliance GlossaryAPI Documentation
Company
CareersCustomersAuditorsPartnersPressContact UsLegal
Trust
Security and ComplianceTrust CenterSystem StatusAccessibility

© 2025 Drata Inc. All rights reserved.

|Privacy Notice|Legal