Security Risk Analysis/Assessment
Introduction
The key purpose of security risk analysis is to provide the rationale for developing security
measures that are above and beyond the baseline. This analysis process should be the basis for the
implementation of all measures, including those for the security of people, property, information,
and assets.
Risk
Risk Definition: Security risk can be defined simply as "the potential for loss". It is the product of three elements:
Likelihood, Impact, and Vulnerability.
These three components must be considered, analysed, prioritised, and managed before appropriate protection measures can be planned and implemented. They are addressed through the following steps:
Step 1: Identify the Assets
The first step in the security risk analysis process is to identify the assets. Most assets fall into one of three categories:
People
Property
Information
Step 2: Identify the Threats
A threat can be defined as "a potential source of harm". Many threats exist, but a threat does not become a risk to the enterprise until it can be assessed as having some measure of likelihood, some measure of impact, and the ability to exploit vulnerabilities.
Step 3: Assess the Likelihood
Assessing the likelihood of a threat occurring is an imprecise science. In some sectors or businesses, historical data will provide good insight, especially where there is good incident reporting. At other times, it may be necessary to develop possible hostile scenarios and derive threat likelihood projections from that analysis.
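The steps above, worked through as a small risk register: assets in the three categories, the threats against them, a likelihood score derived from constructed incident history (as the text suggests when incident reporting is good), and the risk product used to prioritise. This is an added example, not part of the original text; the 1 to 5 scales, the rate thresholds, and the sample incidents are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed sample incident history: (asset, threat, year). In practice this
# would come from the organisation's own incident reporting.
INCIDENTS = [
    ("Customer records", "Data theft", 2021),
    ("Customer records", "Data theft", 2022),
    ("Customer records", "Data theft", 2023),
    ("Server room", "Unauthorised entry", 2022),
    ("Field staff", "Assault", 2023),
]
YEARS_OBSERVED = 3  # 2021 to 2023 inclusive

@dataclass
class Scenario:
    asset: str
    category: str       # People, Property or Information (Step 1)
    threat: str         # potential source of harm (Step 2)
    impact: int         # assumed scale: 1 (negligible) .. 5 (catastrophic)
    vulnerability: int  # assumed scale: 1 (well protected) .. 5 (exposed)

def likelihood_from_history(asset, threat, incidents, years):
    """Step 3: map the observed incident rate per year to a 1..5 score.
    The rate thresholds are assumptions for this example."""
    count = sum(1 for a, t, _ in incidents if a == asset and t == threat)
    rate = count / years
    if rate == 0:
        return 1
    if rate < 0.5:
        return 2
    if rate < 1:
        return 3
    if rate < 2:
        return 4
    return 5

def risk_score(likelihood, impact, vulnerability):
    """Risk as the product of the three elements named in the text."""
    return likelihood * impact * vulnerability

def rank_scenarios(scenarios, incidents=INCIDENTS, years=YEARS_OBSERVED):
    """Return (score, likelihood, scenario) tuples, highest risk first."""
    scored = []
    for s in scenarios:
        lik = likelihood_from_history(s.asset, s.threat, incidents, years)
        scored.append((risk_score(lik, s.impact, s.vulnerability), lik, s))
    return sorted(scored, key=lambda x: x[0], reverse=True)

SCENARIOS = [  # constructed register entries
    Scenario("Customer records", "Information", "Data theft", 5, 3),
    Scenario("Server room", "Property", "Unauthorised entry", 4, 2),
    Scenario("Field staff", "People", "Assault", 5, 4),
    Scenario("Warehouse stock", "Property", "Theft", 2, 3),
]

if __name__ == "__main__":
    for score, lik, s in rank_scenarios(SCENARIOS):
        print(f"{score:3d}  L={lik} I={s.impact} V={s.vulnerability}  {s.asset} / {s.threat}")
```

The ranked output is the prioritised list that the later steps (selecting measures above the baseline) would work from.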