Risk Assessment

1. Risk Assessment is a process to show the assets, vulnerabilities, likelihood of damage; estimate of the costs of recovery; summary of all possible control measures and their costs, and estimated probable savings from better protection. Related Terms: Quantitative Losses and Qualitative Losses

Risk assessment is the overall process of risk analysis and risk evaluation. Related Terms: Risk Analysis.


BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 2: Intermediate (BC)




BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review CL 4: Intermediate (DR)

(Source: Business Continuity Management Institute - BCM Institute)


2. Process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue an organization’s operations, defining the controls in place or necessary to reduce exposure, and evaluating the cost for such controls.

(Source: ASIS International - ASIS International)


3. An overall process of risk identification, analysis and evaluation.

(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)


Quantitative Assessment

4. A form of assessment that analyzes the actual numbers and values involved. This type of methodology typically applies mathematical and statistical techniques and modeling.

(Source: Business Continuity Institute - BCI)


Qualitative Assessment

5. A form of assessment that analyzes the general structures and systems currently in place. A descriptive methodology, which typically involves risk mapping and risk matrices. These assessments do not involve detailed measurements.

(Source: Business Continuity Institute - BCI)