Risk Assessment (RA) is the process of identifying and managing risks within a company to eliminate, or at least reduce to an acceptable level the impact it may have on the assets or services of an organization due to a security incident. These may be in both qualitative and quantitative forms.
The RA service includes the following:
✓ Classification of assets and identification of asset values.
✓ Maintenance of the company risk register.
✓ Identification of Single Loss Expectancy, Annual Rate of Occurrence, and Annual Loss Expectancy.
✓ Identification of the Likelihood of Occurrence.
✓ A Supply Chain Assessment (if applicable).
✓ Qualitative and quantitative assessments of the impact to assets and services.
✓ Mitigation systems to minimize the risks to acceptable thresholds.