...
- Mapping of information assets and value assessment
- Mapping of Identify existing safeguards
- Mapping Identify of risk elements
- Assessment of risk level (consequence and probability)
- Controls in relation to risk factors
- Categorization and prioritization of controls
- Approval of controls
- Risk treatment. Implementation and follow-up of controls
...