Risk analysis review

Abstract: The risk analysis process is the foundation of creating secure systems. An accurate and well defined risk analysis will therefore be a big help for any company, indicating what resources are needed and where they should be put to use. It can be difficult to know which risk analysis methodology to use given a set of parameters such as available resources, time, money etc. In this review we will introduce several different risk analysis methodologies and classify them using our risk analysis classification system. Our classification points out some of the pros and cons for each method, making it easier to choose the one best suited for a specific scenario. We will also connect the presented methods with real-world usage of said methods. To do this we have conducted interviews with IT-security experts at several major companies and we will present previous documented usage of risk analysis methods. Larger companies tend to develop their own methods for risk analysis, and smaller companies that do not have enough time or resources to develop their own methods are more likely to use already existing methods. With that said we believe that anyone that works with risk analysis could have use of our review.