Risk Management Process Simplified

by wing

Risk is the possibility that known or unknown events will occur and affect the main objectives of a project. Not every risk disrupts those objectives, because a risk can come in the form of a threat or an opportunity. If it comes as an opportunity, it can help the project benefit from it. To keep risk at a controllable and manageable level, you need to follow five processes:

  • Identify
  • Assess
  • Plan
  • Implement
  • Communicate

To identify a risk, you need to obtain information about the things that are subject to risk management. For example, if you want to mitigate the risk of server downtime in an organization to within a certain time limit, you need to collect all the information about the software, hardware, physical location, environmental protection and power supply system, as well as the custodian and owner of the servers. So the identification of a risk begins with collecting the relevant information about the system that you want to protect from impending threats. During the identification process you need to list all the threats and opportunities in a risk register, which is simply a register that lists the identified risks.

[Figure: risk management process]

You can follow a few techniques that are commonly used to systematically identify risks and those are:

  • Review lessons
  • Risk checklists
  • Risk prompt lists
  • Brainstorming
  • Risk breakdown structure

Risk assessment: this has two parts, estimation and evaluation. In the estimation part you have to find out the probability of a certain threat occurring and its impact on the business operation. For assessment, you can use well-known techniques such as probability trees, expected values, Pareto analysis, and the probability impact grid. In the evaluation part, you have to figure out the aggregated effect of the identified risks. Risk models and expected monetary value are two important techniques that can be used in the evaluation process.
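An added example (not from the original article) that carries estimation and evaluation through on a small risk register for the server downtime scenario: it computes each risk's expected monetary value, places it on a probability impact grid, aggregates the net exposure, and applies a Pareto cut to the threats. The register entries, the grid band edges and the 80% share are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    kind: str           # "threat" or "opportunity"
    probability: float  # estimated likelihood, 0..1
    impact: float       # monetary effect if it occurs (positive number)

    @property
    def emv(self) -> float:
        """Expected monetary value: negative for threats, positive for opportunities."""
        sign = -1 if self.kind == "threat" else 1
        return sign * self.probability * self.impact

def grid_cell(risk, p_edges=(0.3, 0.6), i_edges=(10_000, 50_000)):
    """Estimation: place a risk on a 3x3 probability impact grid (band edges assumed)."""
    def band(value, edges):
        return ("low", "medium", "high")[sum(value >= e for e in edges)]
    return band(risk.probability, p_edges), band(risk.impact, i_edges)

def net_emv(register):
    """Evaluation: aggregated effect of all threats and opportunities."""
    return sum(r.emv for r in register)

def pareto_threats(register, share=0.8):
    """Largest threats, taken in order until they cover `share` of total threat exposure."""
    threats = sorted((r for r in register if r.kind == "threat"), key=lambda r: r.emv)
    total = sum(-r.emv for r in threats)
    picked, running = [], 0.0
    for r in threats:
        if running >= share * total:
            break
        picked.append(r.name)
        running += -r.emv
    return picked

# Constructed sample register for the server downtime scenario.
REGISTER = [
    Risk("Power supply failure", "threat", 0.10, 80_000),
    Risk("Disk array failure", "threat", 0.40, 40_000),
    Risk("Cooling outage", "threat", 0.20, 15_000),
    Risk("Operator misconfiguration", "threat", 0.50, 8_000),
    Risk("Hardware refresh improves uptime", "opportunity", 0.70, 20_000),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name:35} {grid_cell(r)} EMV={r.emv:>10.2f}")
    print("Net EMV:", net_emv(REGISTER), "| focus on:", pareto_threats(REGISTER))
```

A low-probability, high-impact entry such as the power supply failure ranks second by expected monetary value even though it sits in the "low" probability band, which is why the grid and the aggregated figure are read together.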

Plan

As you know, risks are unpredictable at times. Despite every attempt to prevent risks, there are unknown sources and reasons that are revealed to us only when the actual risk occurs. So, as a risk manager, you always need to prepare your plan in order to respond to any particular threats and opportunities. When preparing the risk plan, you need to consider the cost of implementation, the probability of the risks and their impact on the business. Depending on the consequences and impact of a risk on your business operation, you need to prepare threat and opportunity responses. In the plan phase you need to name the risk owner (who manages, monitors and controls risks) and the risk actionees (the ones who carry out the risk response procedures when a risk occurs).

Threat response plan

  • Avoid the risk
  • Reduce the risk
  • Make a fallback plan as a response
  • Transfer the risk (such as insurance)
  • Share the risk among various parties or departments
  • Accept the risk

Opportunity response

  • Exploit the opportunity to improve security and reliability of a system
  • Enhance the opportunity
  • Reject the opportunity (opposite of exploiting)

Note: there are two types of risks: primary and secondary. The primary risks are the threats and opportunities, and the secondary risks are the risks that may occur when you respond to a primary risk.

Implementation: making a response plan is not enough unless the full potential of the risk response techniques is realized, which is only possible when a risk incident takes place. When a risk occurs, you need to ensure that the planned risk responses are effective, efficient and monitored well enough that you can make an effective performance report on the risk response methods and take the necessary steps to improve them.

If you are managing risks in a project, you need to take every step that ensures risks are reported in every report in the project life cycle, such as the checkpoint, highlight, end stage, end project and lessons reports. This process of risk management is also known as communication, where the risks are communicated to the proper authorities for any special comment or feedback. Finally, risk management is a continuous process, and there are no perfect methods on Earth that can guarantee that threats will not materialize. Despite all the high-level precautions taken by the greatest planners on Earth, the space shuttle Challenger disaster still occurred in 1986. So plan for the risks with all your knowledge, and keep improving your plan as you see an opportunity to do so.
