Management system standards PDCA Plan: Plan what we have to do Do: Implement your plans Check: Measure your

results Act: Correct and improve your plans Risk management Causes: project failure, uncertainties and financial markets, credit risk, legal reliability Accident, natural causes and disasters, attacks from adversaries. Strategy of management: transfer risk to another party, avoid risk, reduce the negative Effects of the risk, accept the consequences Goal: create value, be part of decision making, address uncertainties, take into account Human factors, be structured, be based on the best available information, Be transparent and inclusive, be capable of continual improvement Methods: identify, characterize and assess threats Assess the vulnerability of critical aspects to specific threats Determine the risks Identify ways to reduce risks Prioritize risk reduction measures based on strategies Identification methods: objective based, scenario based, taxonomy based, common-risks Assessment: Composite Risk Index = Impact of Risk event x Probability of Occurrence Benchmarking 1. Select subject 2. Define the process 3. Identify potential partners 4. Identify data sources 5. Collect data and select partners 6. Determine the gap 7. Establish process differences 8. Target future performance 9. Communicate 10. Adjust goal 11. Implement 12. Review and recalibrate