1. Is risk analysis solely a part of risk management, or do they have distinct roles in cybersecurity?

It is true that risk analysis is a part of cyber risk management. Without a proper risk analysis, there cannot be proper risk management.

2. Can an organization engage in risk management without conducting a formal risk analysis?

While it is not suggested, an organization can initiate risk management without risk analysis.

3. What role does risk management play in mitigating identified risks compared to risk analysis in cybersecurity?

Threats are situations or occurrences that could have a detrimental impact. It is especially harmful to the assets or operations of an organization by allowing unauthorized access to information systems. Everywhere can provide a threat. And it is irrespective of whether through hostile acts, mistakes made by people, malfunctions in structures or configurations, and even natural calamities.

4. Are risk analysis and risk management ongoing processes, or are they conducted at specific intervals in cybersecurity?

It is always suggested to map out proper risk analysis before proceeding with cybersecurity risk management. However, one can certainly make any changes and redo the analysis while they are in the risk management process.