I see a Risk Assessment as the wider task: looking at all the aspects of a risk, like the people/departments involved, calculating the possible loss figures, and also having some (first) thoughts about possible mitigation. It is, after the first step of Risk Identification, the second step in the Risk Management Process. Thus, Risk Analysis would be the part of it that does the calculating and (sometimes) modelling.
But this is how my company uses these terms and I think there is no universal definition. It may vary from company to company.
Risk Analysis is a subset of the Risk Assessment.
The Risk assessment has the following subcategories - Risk Identification, Risk Analysis and Risk Evaluation.
The Risk Analysis is a superset of the following - Qualitative and Quantitative Risk analysis.
As seen above, Risk assessment provides a wider picture, whereas Risk analysis goes deep into the cause and effect of a given risk.
Risk analysis is identifying the most probable threats and analyzing the related vulnerabilities to these threats. Risk assessment is an evaluation of existing controls and an assessment of their adequacy relative to the potential threats.
Risk Analysis is a part of risk assessment.
Risk assessment involves measuring existing security controls and their adequacy to the potential threats impacting the organization.
Risk analysis involves identifying the threats which can exploit the vulnerability of the organization.
Risk Analysis is identifying risks. It can be for a particular business, for IT, or for a particular process; for each process or area it is required to identify the probable "Risk". Risk Assessment is to "assess" the risk versus its impact to the business, i.e. whether the risk is Non Critical, Critical, or can be acceptable to the business.
Risk assessment involves identifying a risk's severity on a CIA basis (Confidentiality, Integrity, Availability) and its probability of occurrence. Risk analysis involves identifying risks with the highest probability score or likelihood of occurrence score.
Risk analysis involves identifying the most probable threats to an organization & analyzing the related vulnerabilities of the organization to these threats.
Risk assessment involves evaluating existing security controls & assessing their adequacy relative to the potential threats of the organization.
A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats.
The risk assessment combines risk analysis and risk evaluation.
A risk assessment involves many steps and forms the backbone of your overall risk management plan, whereas risk analysis is one of those steps, the one in which you determine the defining characteristics of each risk and assign each a score based on your findings.