Risk Assessment vs Risk Analysis

How do you interpret “Risk assessment/analysis” mentioned in the CISSP exam outline?

  • The Sybex official study guide uses “assessment” and “analysis” interchangeably. In fact, it seemingly equates “risk analysis” with “risk assessment.” In addition, its “risk assessment” includes risk response/treatment.
  • This conflicts with the NIST FARM model (Frame, Assess, Respond, and Monitor) and ISO 31000.

Risk Assessment
