|1. Risk Analysis or RA is the process to evaluate and determine the risk rating, which is the product of risk likelihood and risk impact.
2. Process to comprehend the nature of risk (2.1) and to determine the level of risk (2.23)
Notes (1) : Risk analysis provides the basis for risk evaluation (2.24) and decisions about risk treatment (2.25).
Notes (2) : Risk analysis includes risk estimation.
[ISO Guide 73:2009, definition 3.6.1]
(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.21
|3. Risk Analysis is the process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities (likelihood) of a particular event.
(Source: Disaster Recovery Institute International / Disaster Recovery Journal - DRII/DRJ)
4. The identification and assessment of the level(measure)of the risks calculated from the assesses values of assets and the assessed levels of threats to,and vulnerabilities of,those assets.
|5. Determination of the likelihood and impact of each risk occurring. Risk Analysis provides the basis for risk evaluation, risk treatment and risk acceptance.
(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)