What is the correct order for the steps in the Risk Management process?

1. identify, characterize, and assess threats
2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures based on a strategy

1. Identify hazards

2. assess hazards

3. develop controls

4. implement controls

5. supervise/evaluate.

Identify hazards, Assess hazards, Develop controls and make decisions, Implement controls, Supervise and evaluate