Risk Assessment Explained for IB Computer Science

The first step is to identify risks by examining:

• Assets (what needs protection)
• Threats (what could cause harm)
• Vulnerabilities (where weaknesses exist)

Examples of assets include:

• Personal data
• Financial records
• System availability

Identifying risks means recognising what could go wrong.

Step 2: Analysing Likelihood and Impact

Once risks are identified, they are analysed based on:

• Likelihood – how likely the risk is to occur
• Impact – how serious the consequences would be

For example:

• A rare event with severe impact
• A frequent event with low impact

IB students should explain that:

• High-likelihood, high-impact risks are prioritised

This analysis allows risks to be ranked.

Step 3: Evaluating and Prioritising Risks

After analysis, risks are:

• Compared
• Ranked
• Prioritised

Organisations decide:

• Which risks must be addressed immediately
• Which risks can be accepted

Not all risks can be eliminated — some are accepted if mitigation costs are too high.

Step 4: Risk Mitigation

Risk mitigation involves:

• Reducing likelihood
• Reducing impact
• Or both

Mitigation strategies include:

• Improving access control
• Applying software updates
• User training
• Implementing backups

IB examiners expect students to link mitigation directly to identified risks.

Accepting, Avoiding, or Transferring Risk

After assessment, organisations may:

• Accept the risk
• Avoid the risk by changing systems
• Transfer the risk (e.g. insurance or outsourcing)

Risk assessment supports these strategic decisions.

Risk Assessment in Real-World Systems

Risk assessment is used in:

• Schools
• Banks
• Healthcare systems
• Online platforms

Each system has different assets and priorities, so risk assessments vary.

Common Student Mistakes

Students often:

• Describe risks without analysing them
• Ignore likelihood or impact
• Forget mitigation
• Treat all risks as equal

Clear step-by-step explanations earn higher marks.

How This Appears in IB Exams

IB questions may ask students to:

• Define risk assessment
• Identify risks in a scenario
• Analyse likelihood and impact
• Suggest appropriate mitigation

Structured answers score highest.

Final Thoughts

Risk assessment is the systematic process of identifying, analysing, and managing risks. By evaluating likelihood and impact, organisations can prioritise threats and apply effective security measures.

Understanding risk assessment allows IB Computer Science students to explain how real-world systems manage security responsibly and efficiently — exactly what examiners expect.

Learn the differences between HDDs, SSDs, and NAS for IB Computer Science, including performance, cost, and use cases.