Q

Risk assessment vs. risk analysis vs. risk management

Can you tell me what the difference is between information security risk assessment, risk analysis and risk management?

While there are different definitions of the above, here's the simplest:

  • A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats.
  • A risk assessment involves evaluating existing security and controls and assessing their adequacy relative to the potential threats to the organization.
  • Risk management is the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risk.
This was last published in September 2005
