There are two risk assessment methodologies: quantitative and qualitative.
Quantitative risk analysis assigns real dollar figures to the loss of an asset. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset. Both methods are necessary for a complete risk analysis. Most environments employ a hybrid of both risk assessment methodologies in order to gain a balanced view of their security concerns.
Why Risk Assessment?
A risk assessment will protect your business, as well as be complying with the law. As for when to do a risk assessment, it should simply be conducted before you or any other employees conduct some work which presents a risk of Business losses.
What we provide?
We follow a systematic approach to assess Information Security Risk and recommend a Risk Treatment Plan based on NIST Special Publication 800-30 Special Revision 1 along with ISO 27001 standard. we identify organizational needs regarding information security requirements to mitigate the risk and bring it either under Risk Appetite or the Risk Tolerance. The Risk Assessment exercise conducted in order to ensure that all the risks are being addressed and they are within the acceptable limit, upper management must decide which risks are acceptable and which are not.