Which of the following is not part of risk analysis? a) Assets b) Threats c) Vulnerabilities d) Countermeasures Solution d. Actual implementation of countermeasures and safeguards takes place after performing risk analysis. Risk analysis identifies the risks to system security and determines the probability of occurrence, the resulting impact, and the additional safeguards that could mitigate this impact..