Risk Assessment is actually one of the more misunderstood categories and usually is addressed as part of Threat Assessment. Risk Assessment does overlap to some degree, but the real definition of Risk Assessment falls under a number of categories, but usually addresses operations of companies that includes, but is not limited to pursuing a project, client, operation, acquisition, disposition and so-on.
It is a matter of analyzing the pros and cons of a potential project or venture, and the amount of “exposure” or “risk” that the company has the potential of being exposed to.
However, Risk Assessment is blurring with Threat Assessment since the terms are commonly intermixed, and it is believed in the next few years that Risk Assessment will be a sub-section of Threat Assessment. Until that takes place, we will address Risk Assessment as a separate and independent operation.