Risk Management
Process of finding ways to minimize the likelihood of an undesirable outcome occurring, so that the desired outcomes can be reached
Risk = Threat * Vulnerability (or Likelihood)
Risk = Threat * Vulnerability * Impact
Total Risk = Threat * Vulnerability * Asset Value
Residual Risk = Total Risk - Countermeasures
Risk Management Lifecycle
- Risk Identification
- Risk Assessment
- Risk Response and Mitigation
- Risk and Control Monitoring and Reporting
Due Diligence: Doing the research before implementation (understanding the risks and what controls are needed)
Due Care: Implementation (acting on that research by putting the controls in place)