Risk assessment and risk management
Answer: Risk assessment is the process to identify, analyse and evaluate risks, so you can prioritize them, allowing you to focus on the most relevant risks and optimize resources.
2. What is the difference between threat and risk?
Answer: A threat is an agent (e.g., a person, malware, a natural event, etc.) that has the potential to cause an incident, while risk is the relation between the impact and the probability of an incident happening.
These articles will provide you further explanation about risk and threats:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment
This material will also help you regarding risk and threats:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ – this is a series of 25 videos that cover various topics related to security.
Nov 29, 2018