Risk Management
● Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to
an acceptable level.
● The risk management approach determines the processes, techniques, tools and team roles and
responsibilities for a specific project.
● The risk management plan describes how risk management will be structured and performed on the
project.
● Enhance enterprise-wide security policies: Not only will the assessment help plug holes in your
security, but, by tying IT risk to enterprise-wide risk management, it can help create more secure
solutions, practices and policies within the organization. This will improve the overall security of
information in the organization, and help identify what security strategy best suits your organization.
● Gauge security awareness and readiness: An IT risk assessment needs the involvement of various
IT security personnel, as well as other employees and managers, which will help you gauge how
aware various individuals and departments are of security threats, vulnerabilities, practices and
solutions.
Risk Mitigation
- Risk mitigation strategies are designed to eliminate, reduce or control the impact of known risks
intrinsic to a specified undertaking, prior to any injury or fiasco.
- With these strategies in place, risks can be foreseen and dealt with. Fortunately, today’s technology
allows businesses to formulate their risk mitigation strategies to the greatest capacity yet.
- While every organization needs to identify the strategies that are most appropriate for them, here
are a few simple strategies to perfect the process.
Risk Evaluation
Appropriate risk reduction methods cannot be developed until the possible hazards, disadvantages or
losses are thoroughly evaluated.
The steps included in risk evaluation are as follows.
1. Identification - Risk identification must include determining whether the risk is, first and foremost, preventable.
These risks come from within; they can usually be managed on a rule-based level, such as
employing operational-procedure monitoring and guidance and instruction for employees and managers.
2. Impact Assessment - Determine the probability and significance of certain "risky" events.
Anticipated risks can (and should) be rated according to their degree of probability.
3. Develop Strategy - Risk mitigation planning strategies and implementations should be developed
for risks categorized as high or medium probability. Low risks may be tracked or
monitored for impact but are less important in this step.