A. Security measures only, cannot guarantee a 100% protection against all threats to assets. Consequently, risk analysis, which is the process of evaluating system vulnerabilities and the threats facing it is an essential part of any Risk Management programs. The analysis process categorises the possible consequences of risks related with the vulnerabilities and provides the basis by devising a means to advert any loss.
Risk management is the process of implementing and preserving countermeasures that reduce the effects of risk to an adequate level. The risk analysis process gives management the information it needs to make sophisticated decisions concerning information security. The procedure identifies the existing security controls, calculates vulnerabilities, and evaluates the effect of threats on each area of vulnerability.