What is the most effective way to identify risks like those you noted in the tables?
Perform a risk assessment on the system / web site.
Also hire a good security manager and a good web page developer.
Finally, the web site has to be served over HTTPS.
What are some important factors when weighing the depth of a formal risk analysis? How would you balance the interruption needed for depth and the need to continue ongoing organizational activity?
Some of the important factors are business impact, probability of attack, cost of repair, and difficulty of repair. Weight the factors, score each risk against them, and then rank the risks by their weighted totals.
What should an organization's risk management specialist do with the information once a potential risk has been identified? What information would be needed for senior management to know the danger of each risk and the proper way to handle the risk?
Give the threat information to the right person to fix or mitigate the potential risk. Senior management would need to know what the potential risks and dangers are, so that the IT staff can be alerted and followed up with to confirm that the threat has been reduced or fixed.
How would this specialist properly prioritize these risks to make sure the most important ones were mitigated first?
By the total risk weight, based on business impact, probability of attack, cost of repair, and difficulty of repair.
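The ranking rule in the two answers above (score each risk on business impact, probability of attack, cost of repair and difficulty of repair, weight the factors, and mitigate the highest total first) can be written down so that the prioritization is repeatable and auditable. The following is an added example, not part of the original answer sheet: the 1-to-5 rating scale, the weights, and the four sample risks are constructed assumptions, not values from the page.

```python
"""Weighted risk scoring and prioritization (added example).

Each identified risk is rated 1..5 on the four factors named in the
answers above; the factors are weighted, summed into one score, and the
risks are sorted so the highest score is addressed first. The scale,
weights and sample risks below are constructed for illustration.
"""
from dataclasses import dataclass

FACTORS = ("business_impact", "probability", "cost_of_repair", "difficulty_of_repair")

# Assumed relative weights. They sum to 1.0 so the total stays on the 1..5 scale.
DEFAULT_WEIGHTS = {
    "business_impact": 0.40,
    "probability": 0.30,
    "cost_of_repair": 0.15,
    "difficulty_of_repair": 0.15,
}


@dataclass(frozen=True)
class Risk:
    name: str
    business_impact: int       # 1 (negligible) .. 5 (severe)
    probability: int           # 1 (rare) .. 5 (almost certain)
    cost_of_repair: int        # 1 (cheap) .. 5 (very expensive)
    difficulty_of_repair: int  # 1 (trivial) .. 5 (very hard)


def validate_ratings(risk):
    """Reject ratings outside the 1..5 scale so a typo cannot skew the ranking."""
    for factor in FACTORS:
        value = getattr(risk, factor)
        if not isinstance(value, int) or not 1 <= value <= 5:
            raise ValueError(f"{risk.name}: {factor} must be an integer 1..5, got {value!r}")


def risk_score(risk, weights=DEFAULT_WEIGHTS):
    """Weighted sum of the four factor ratings, rounded to two decimals."""
    validate_ratings(risk)
    if set(weights) != set(FACTORS) or abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must cover exactly the four factors and sum to 1.0")
    return round(sum(weights[f] * getattr(risk, f) for f in FACTORS), 2)


def prioritize(risks, weights=DEFAULT_WEIGHTS):
    """Return (name, score) pairs, highest score first.

    Ties are broken by business impact, then by name, so the output is
    deterministic when two risks score the same.
    """
    scored = [(r, risk_score(r, weights)) for r in risks]
    scored.sort(key=lambda rs: (-rs[1], -rs[0].business_impact, rs[0].name))
    return [(r.name, s) for r, s in scored]


# Constructed sample register; names and ratings are illustrative only.
SAMPLE_RISKS = [
    Risk("Web site served over plain HTTP", 4, 5, 2, 2),
    Risk("Unpatched CMS plugin", 5, 4, 3, 3),
    Risk("Backups never restore-tested", 3, 2, 4, 2),
    Risk("Shared admin password", 4, 4, 1, 1),
]


if __name__ == "__main__":
    for rank, (name, score) in enumerate(prioritize(SAMPLE_RISKS), start=1):
        print(f"{rank}. {name}: {score}")
```

Changing the weights changes the order, which is the point: the weights encode the organization's judgement about what matters most (here business impact and probability dominate repair cost), and recording them alongside the scores lets senior management see why one risk was mitigated before another.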
Who is responsible for ensuring that an identified risk is addressed by the organization? What role does the analyst play? What role does senior management play? What roles do the analyst and senior management each play in addressing organizational risks?