Risk Management

ABSTRACT

Risk management is an activity that integrates recognition of risk, risk assessment, development of strategies to manage it, and mitigation of risk using managerial resources. Some traditional risk management approaches focus on risks stemming from physical or legal causes (for example, natural disasters or fires, accidents, death). It may refer to numerous types of threats caused by environment, technology, humans, organizations and politics. The objective of risk management is to identify the risks and find solutions to reduce them. The paper describes the different steps in the risk management process and the methods used in each step [Reference 2].

INTRODUCTION

Risk management is one part of information security. All…
Risk control strategies

When management has determined that the risks from information security threats are unacceptable, or when laws and regulations mandate such action, they empower the information technology and information security communities of interest to control the risks. Once the project team for information security development has created the ranked vulnerability worksheet, it must choose one of the following five approaches for controlling the risks [Reference 1].

Defense

The defense approach attempts to prevent the exploitation of the vulnerability. This is the preferred approach and is accomplished by means of countering threats, removing vulnerabilities in assets, limiting access to the assets and adding protective safeguards. This approach is sometimes referred to as avoidance.

Transferal

The transferal approach attempts to shift the risk to other assets, other processes, or other organizations. When an organization does not have the correct balance of information security skills, it should consider hiring or making outsourcing arrangements with individuals or firms that provide such expertise. This allows the organization to transfer the risks to another organization that has experience in dealing with those risks.

Mitigation

The mitigation approach attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.

Acceptance

Acceptance is the choice to do nothing to protect

