...
- Mapping of information assets and value assessment
- Identify existing safeguards
- Identifcation of risk elements
- Assessment of risk level (consequence and probability)
- Controls in relation to risk factorselements
- Categorization and prioritization of controls
- Approval of controls
- Risk treatment. Implementation and follow-up of controls
...