Risk Management in
Five Easy Steps
IT risk management includes all of the activities
that an organization carries out to manage
information technology related risks. IT risk
management is a formalized process and includes:
- Risk Assessment
- Risk Analysis
- Risk Treatment
- Risk Mitigation
- Risk Review and Evaluation
1. Risk Assessment (Identify Risks)
Risk Assessments identify possible sources of risk.
They identify threats or events that could have a
meaningful impact on the organization.
2. Risk Analysis (Impact)
Risk Analysis considers the probability and
magnitude of each event. Risk evaluation compares
the estimated risk with a set of risk criteria to
determine the significance of the risk.
3. Risk Treatment (Risk Response Action Plan)
Risk Treatment identifies how each risk is to be
addressed. Residual risk is the risk left over after
implementing risk treatment steps that avoid the
risk, transfer the risk, reduce the risk, or accept
the risk.
4. Risk Mitigation (Risk Control)
Risk mitigation plans propose applicable and
effective security controls that manage the risks.
The plan should contain a schedule outling the tasks
to be performed, individuals responsible for the
actions, estimated dates, etc.
5. Risk Review and Evaluation (Risk
Effectiveness)
Risk management plans change over time as the
business evolves, as new threats emerge, as losses
are incurred, and as management changes. Review the
effectiveness of your approach and revise as
necessary.
Risk
assessments help organizations identify, manage,
and reduce risks to acceptable levels.
Tags: risk management | risk assessment | risk treatment
|
