Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What is the difference between Risk Analysis and Risk Assessment ?

user-image
Question ajoutée par Firoz Khan
Date de publication: 2017/02/08
Carsten Ulrich Durchholz
par Carsten Ulrich Durchholz , Owner , Carsten Durchholz Consulting

I see a Risk Assesment as the wider task, looking at all the aspects of a risk like people/departments involved, calculating the possible loss figures and also have some (first) thoughts about possible mitigation. It is after the first step of Risk Identification the second step in the Risk Management Process. Thus, Risk Analysis would be the part of it that does the calculating and (sometimes) modelling.

 

But this is how my company uses these terms and I think there is no universal definition. It may vary from company to company.

Sesha Prakash S Kusuma
par Sesha Prakash S Kusuma , Vice President , PromaSecure Consulting

Risk Analysis is a subset of the Risk Assessment.  

The Risk assessment has the following subcategories - Risk Identification, Risk Analysis and Risk Evaluation.

The Risk Analysis is a super set of the following - Qualitative and Quantitative Risk analysis.

As seen above, Risk assessment provides a wider picture where as Risk analysis goes deep into the cause and effect of a given risk.

AJAY KRISHNAN
par AJAY KRISHNAN , HSE Manager , Progesys International

Risk analysis is the identifying most probable threats and analyze the related vulnerabilities to these threats. Risk assessment is an evaluating of existing controls and assessing their adequacy relative to the potential threats.

Samarth  Sharma
par Samarth Sharma , Senior Specialist , HCL

Risk Analysis is a part of risk assessment. 

Risk assessment involves measuring existing security controls and their adequacy to the potential threats impacting the organization. 

Risk analysis involves identifying the threats which can exploit the vulnerability of the organization. 

AHMED SHAKIL
par AHMED SHAKIL , Head IT (InfoSec, Risk & Compliance) , Stemz Healthcare

Risk Analysis is Identifying Risk's - it can be particular Business, it can be IT or a particular process, for each process or area it's required to identify probable "Risk" and Risk Assessment is "Assess" the Risk verses its Impact to Business i.e. whether the Risk is Non Critical, Critical or Risk can be acceptable to Business.

Adil Javed
par Adil Javed , Project Manager , Dock.io

Risk assessment involves identifying risk's severity on CIA basis (Confidentiality, Integrity, Availability) and its probability of occurrence.Risk analysis involves identifying risks with highest probability score or likelihood of occurrence score.

Ahmed Talal  Arif
par Ahmed Talal Arif , Financial Affairs Manager , Astranova Tarim Ticaret Ve Sanayi A.S.

Risk analysis involves identifying the most probable threats to an organization & analyzing the related vulnerabilities of the organization to these threats.

Risk assessment involves evaluating existing security,controls & assessing their adequacy relative to the potential threats of the organization.

Manvi Dudani
par Manvi Dudani , Information Security Analyst , Securelink

risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats.

The risk assessment combines risk analysis and risk evaluation .

A risk assessment involves many steps and forms the backbone of your overall risk management plan whereas risk analysis is one of those steps the one in which you determine the defining characteristics of each risk and assigns each a score based on your findings . 

More Questions Like This