...
The risk assessment process can be divided into the following activities:
- Mapping of information assets and value assessment
- Mapping of existing mitigating activities
- Mapping of risk elements
- Assessment of risk level (consistency and probability)
- Measures in relation to risk factors
- Categorization and prioritization of measures
- Approval of measures
- Risk treatment. Implementation and follow-up of measures
Activity 2 to 5 is usually done in a risk assessment workshop.