Risk management is an activity that integrates the recognition of risk, risk assessment, the development of strategies to manage risk, and the mitigation of risk using managerial resources. Some traditional approaches to risk management focus on risks stemming from physical or legal causes (for example, natural disasters or fires, accidents, death). Risk management may also cover numerous types of threats caused by the environment, technology, humans, organizations and politics. The objective of risk management is to identify risks and find solutions to reduce them. This paper describes the different steps in the risk management process and the methods used in each step [Reference 2].
INTRODUCTION
Risk management is one part of information security. All managers are expected to play a role in the risk management process, but information security managers are expected to play the largest roles. Before studying risk management in detail, we should have some idea of what risks are and of the difference between a hazard and a risk.
A hazard is any source of potential damage, harm or adverse health effects on something or someone under certain conditions at work. Basically, a hazard can cause harm or adverse effects.
Risk is the chance or probability that a person will be harmed or experience an adverse effect if exposed to a hazard.
Risk management is a process of identifying, analyzing, treating and monitoring the risks involved in any activity or process. This process is an expected responsibility for managers in all organizations.
Risk management is carried out mainly through two components: risk identification and risk control [Reference 1].
Risk identification: It is the process of identifying and documenting the risks. It is carried out through the following steps.
Risk assessment
Inventorying assets
Classifying assets
Identifying threats and vulnerabilities
Risk control: It is the process of applying controls to reduce the risks to an organization’s data and information systems. This process carries out the following
References:
Whitman, M., & Mattord, H. (2014). Principles of incident response and disaster recovery (Second ed.). Boston, MA: Course Technology, Cengage Learning.
Berg, H., & Strahlenschutz, B. (2010). Risk management procedures, methods and experiences. 1.
https://osha.europa.eu/en/topics/riskassessment/carry_out