Risk assessment consists of the risk identification , risk analysis , and risk evaluation. Risk assessment considers the consequences of the risk and the probability that such consequences will occur. The risk assessment is useful for the organizations which are interested to continually identify , assess and reduce IT-related risks within levels of tolerance set by enterprise management.
