How is the risk paradigm relevant during a breach?
If the breach relates to risks previously documented, we know risk level, vulnerabilities and assets involved. Incident Management is also informed in another way. We will have to pick strategies for containment and recovery. Each strategy carries risk. How do we choose? By swiftly assessing risk. (The incident doesn't wait.)
So - just like incidents inform future risk management, impromptu risk assessments can guide ongoing incident handling.