Which step of a risk assessment uses the history of system attacks?

Prepare for the FedVTE Cyber Risk Management Test. Practice with flashcards and multiple choice questions, each with hints and explanations. Be ready for your exam!

The step of a risk assessment that utilizes the history of system attacks is threat identification. This phase focuses on recognizing and understanding the various threats that can potentially compromise an organization's information systems. By analyzing historical data on system attacks, organizations can identify which types of threats are most likely to impact their systems based on past occurrences.

This historical context helps in building a comprehensive picture of potential threats, enabling organizations to prioritize their risk management efforts based on the likelihood and impact of these threats. Understanding past incidents provides valuable insights into the tactics, techniques, and procedures employed by attackers, thus informing future prevention and mitigation strategies.

In contrast, the other steps, while essential in a risk assessment, focus on different aspects. Vulnerability identification examines weaknesses in systems that could be exploited by the identified threats, control analysis assesses the effectiveness of existing security measures, and likelihood determination evaluates how probable an attack is based on different factors, including the identified threats. However, it is during the threat identification phase that historical attack data plays a crucial role in shaping the overall risk assessment process.
