Risk Management Process
Earlier in this chapter, risk management was defined as the practice of identifying, assessing, controlling, and mitigating risks. Identifying the threats and vulnerabilities that are relevant to the organization is an important step, just as knowing the worth of an asset can help determine the impact of its loss. With this information, action can then be taken to reduce potential losses to assets from these risks.
Realizing that risk management is not the same as risk elimination is important. Risk elimination isn’t a reasonable goal. Instead, risk management attempts to identify the risks that can be minimized at a reasonable cost and implements controls to do so. Risk management includes several elements:
- Assessing ...
Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
