...
- Mapping of information assets and value assessment
- Mapping of existing mitigating activitiessafeguards
- Mapping of risk elements
- Assessment of risk level (consistency consequence and probability)
- Measures Controls in relation to risk factors
- Categorization and prioritization of measurescontrols
- Approval of measurescontrols
- Risk treatment. Implementation and follow-up of measurescontrols
Activity 2 to 5 is usually done in a risk assessment workshop.