Risk Evaluation

When the risk analysis process has been completed, it is necessary to compare the estimated risks against risk criteria which the organisation has established.

The risk criteria may include associated costs and benefits, legal requirements, socioeconomic and environmental factors, concerns of stakeholders, etc. Risk evaluation therefore, is used to make decisions about the significance of risks to the organisation and whether each specific risk should be accepted or treated.

An Introduction To Information, Network and Internet Security
Risk Evaluation When the risk analysis process has been completed, it is necessary to compare the estimated risks against risk criteria which the organisation has established. The risk criteria may include associated costs and benefits, legal requirements, socioeconomic and environmental factors, concerns of stakeholders, etc. Risk evaluation therefore, is used to make decisions about the significance of risks to the organisation and whether each specific risk should be accepted or treated.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security