Risk Management
Risk management is a process for identifying, assessing, and mitigating vulnerabilities and threats (risks) to the essential functions that a business must perform to serve its customers.
- most companies institute enterprise risk management (ERM) policies based on published frameworks
Risk Management Process
- Identify assets
- Identify threats
- Assess vulnerabilities
- Assess risks
- Mitigate risks
- Evaluate effectiveness
Risk Assessment
Elements of Risk Management in Policies and Procedures
- Risk identification
- Risk assessment
- Risk mitigation
- Risk evaluation