Risk identification is the first step of the risk assessment defined by ISO 27005. You systematically determine which assets need protection, which threats could affect them, and which vulnerabilities could be exploited. Methods include workshops, interviews, site inspections, and analysis of incident reports. The goal is the most complete risk inventory possible. In the ISMS wizard, Cenedril guides you step by step through this process — from risk sources through threats and vulnerabilities to concrete risk scenarios.