Risk assessment internal and external criteria and factors

What are the internal and external criteria and factors that apply in the risk assessment?

Considering ISO 27005, the ISO standard for information security risk management, you have some of the following:

• Internal factors: business objectives, business processes, organizational structure, information assets
• External factors: geography, marketing trends, political and economical issues
• Risk evaluation criteria: strategic value of processes which handle business information, legal, regulatory and contractual requirements, business value of confidentiality, integrity, and availability
• Impact evaluation criteria: classification level of impacted information, affected operations (internal or of third-parties), breach of legal, regulatory or contractual requirements
• Risk acceptance criteria: business-related, legal and regulatory related, operational related, technological related, and financial related

This material will also help you regarding ISO 27001 risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/