Monday, 17 February 2020

Risk Analysis

0 comments

Risk Analysis


? Risk is virtually anything that threatens or limits the ability of an organization to achieve
its mission.
? Risk management is a process to identify and then manage threats which could severely
impact or bring down the organization.
? Successful risk management needs the involvement of all levels of employers of an
organization.
? To successfully manage their risk in the future, organizations need to develop an enterprisewide
risk management framework.
? Organizations should regularly undertake comprehensive, focused assessment of potential
risks to the organization. This focused assessment should occur at least twice a year by a
team of staff members representing all the major functions of the organization.
? The purpose of a risk assessment is to help management create appropriate strategies and
controls for stewardship of information assets.
? Risk acceptance is also known by the name of risk retention. It is simply accepting the
identified risk without taking any measures to prevent loss or the probability of the risk
happening.
? Risk avoidance is a business strategy in which certain classes of activities or business
processes are not undertaken because the risks are too high to justify the return on
investment.
? Risk reduction reduces the potential loss associated with that risk.


Control: Any kind of counter measure that becomes fairly automated and meets the expectations
of upper management is called a control.
Risk: Any kind of analysis that ties-in specific threats to specific assets with an eye toward
determining the costs and/or benefits of protecting that asset is called risk, or risk assessment.
Risk Acceptance: It is simply accepting the identified risk without taking any measures to
prevent loss or the probability of the risk happening.
Risk Avoidance: It is a business strategy in which certain classes of activities or business processes
are not undertaken because the risks are too high to justify the return on investment.
Risk Control: It is the entire process of policies, procedures and systems an institution needs to
manage prudently all the risks.
Risk Management: It is a process to identify and then manage threats which could severely
impact or bring down the organization.
Risk Reduction: It reduces the potential loss associated with that risk.
Risk Transfer: It involves transferring the weight or the consequence of a risk on to some other
party.
Vulnerability: Any kind of asset that is not working optimally and is mission-critical or essential
to the organization, such as data that are not backed-up, is called a vulnerability.


No comments:

Post a Comment