The process of identifying, analyzing, and evaluating cybersecurity risks to determine their potential impact and likelihood of occurrence.