...
- Mapping of information assets and value . Value assessment. Business Impact assessment
- Identify existing safeguards
- Identifcation of risk elements
- Assessment of risk level (consequence and probability)
- Controls in relation to risk elements
- Categorization and prioritization of controls
- Approval of controls
- Risk treatment. Implementation and follow-up of controls
...