What is a Risk Assessment?

A risk assessment is a broader term than a security risk assessment. A risk assessment may cover security risks but may cover other disciplines including medical risk, insurance risk, and project risk to name a few.

A risk assessment is used to identify risks to an organization's business processes. Internal and external risks should be considered, along with environmental, physical, and computer security risks. Factors beyond the organization's control, such as floods, fire, and the economy, are external risks.

From a computer security standpoint, a risk assessment is much the same as a computer security assessment. The goal of a risk assessment is slightly different, however: it is tailored more toward the organization's business processes than toward the organization's systems. What the two share is their purpose, which is to determine weaknesses and then mitigate them, manage them, or be aware of them and accept them.

Organizations should develop their risk assessment procedures and processes according to their own business needs. The methods and tools used vary from one organization to another.