Overview
A Risk Assessment is a process to identify potential hazards and analyze what could happen if a hazard occurs. A business impact analysis (BIA) is the process for determining the potential impacts resulting from the interruption of time-sensitive or critical business processes. It is important to perform a risk assessment to understand the potential risks to your business and to identify the measures that can be taken to mitigate those risks.
Risk Assessment
Every organization should be performing some type of Risk Assessment. Risk Assessments can vary in nature and degree. However, they should lay out risks from both a business and technical perspective. Often you will find that organizations are not performing a risk assessment at all.
Risk Mitigation
After both the business and technical risk assessments have been conducted, you will then need to review the findings and assign a risk score based upon your own defined matrix. Next, you will need to mitigate that risk or put in place a compensating control to limit risk exposure.