9 Security Risk Analysis

The fourth phase of a security risk assessment is security risk analysis. The objective of this phase is to utilize the data gathered to determine both the security risks of individual scenarios and the overall security risk to the assessed organization. The depth to which the team performs this security risk analysis depends upon the agreed upon method between the assessment team and the assessed organization. The security risk analysis task can be rather straightforward or rather involved using more complex methods.

The objective of the security risk assessment analysis phase is to determine and convey the security risk to the organization’s assets. The basic equation for security risk calculation is

$$\mathit{Security}\mathit{Risk}$$