Risk assessment and management
Risk, as defined by a dictionary, is to "expose to a chance of loss or damage". An organization faces many types of risk in its day-to-day business functions.
In order to understand the risk, one needs to properly understand assets, threats, and vulnerabilities.
Risk has to be understood from the following perspectives:
- Risk to What? Risks are generally to the assets. (See the next paragraph on assets, which categorizes such assets and gives examples.)
- Risk from What? A risk can be from many threat sources such as earthquakes, floods, hackers, fires, viruses, disgruntled employees, and so on.
- Risk of What? There is damage when an asset is compromised by a threat. The damage can be monetary loss, image ...