b. Risk management
This page is part of the risk services which belongs to the Governance, compliance and risk assessment section of our services that includes: risk assessment, internal controls, risk management (you are here), the risk checklist and why penetration testing fails.
The goal of managing risk is to calculate AND understand the kind of and level of risk your business is exposed to and strategically manage the risk to maximize your profit potential.
Understanding and managing risk is an inherent part of the business process. Taking planned risks will be rewarded with profit and growth. Effective controls will help offset the danger that risks pose.
The process of combining a risk assessment with decisions on how to address that risk is called risk management.
Risk management is part of a larger decision process that considers the technical and social aspects of the risk situation.
Especially in cases where risks cannot be quantified without difficulty, a monitoring system that uses sensors, controls and key indicators must be used to be able to keep track of the situation.
What is the value proposition?
| 1 | Risk means | the threat or possibility that an action or event will adversely or beneficially affect the enterprise’s ability to reach its objectives.In other words, (probability)x(hazard) = risk. The first two values must be known or at least estimated in order to define risk. |
| 3 | Risk management means | the process of analyzing potential losses from a given hazard using a combination of- known information about the situation,- knowledge about the underlying process, and- judgment about the information that is not known or well understood. |
| 3 | Risks that are left untracked | can cause serious damage to the firm (e.g., being part of litigation, product flop or failure in the marketplace) and its efforts to achieve its strategic objectives (e.g., growth, cost management, profitability) |
| 4 | Solution | implement and monitor appropriate control and risk indicators to manage risk mitigation satisfactorily |
| CyTRAP Labs provides clients with tools that facilitate the: | ||
| A | better articulating and documenting of the amount of risk taking that is acceptable to the firm, and | |
| B | more efficient and effective risk management to assure better risk governance | |
We define risk management as the the systematic application of organizational policies (e.g., privacy), practices (e.g., customer returns) and procedures (e.g., shipping and handling) to the task of analyzing, assessing, treating, monitoring and reporting on risks (e.g., possible violoation of laws, financial fraud) to the board of directors and other stakeholders.allows business owners to include risks in their business strategy.
By conceiving of the risks related to business activities, your company can focus on preventative rather than reactive risk management.
By looking at risk management in terms of processes, a business can use known risks to its advantage, while offsetting the threat that they pose with specific controls.
As a result of this work, risks no longer become threats, but planned activities in the business process. This brings the added benefit of maintaining a clear repository of risks and controls and how they are related to the business process management along the dimensions of time and ownership.
Coupled with a reporting tool, your company can achieve compliance with as little hassle as possible.
Without proper risk assessment, performing effective risk management is impossible:
– how to combine risk assessment with risk management – six step process
Article source: CyTRAP Labs and ComMetrics: Risk management
Pingback: CyTRAP Labs - EU-IST - we help protect since 2000 » Blog Archive » UK data disaster - a case for why critical incident response procedures do make a difference