How do you interpret “Risk assessment/analysis” mentioned in the CISSP exam outline?

• The Sybex official study guide used “assessment” and “analysis” interchangeably. In fact, it seemingly equals “risk analysis” to “risk assessment.” Besides, its “risk assessment” includes risk response/treatment.
• It conflicts with the NIST FARM model (Frame, Assess, Respond, and Monitor) and ISO 31000.

References

• Certification Terms Glossary Master List
• CISSP Glossary – Student Guide

Facebook Post