IT Security Blog


Understanding Risk - a 5-step risk management strategy

Posted by Ken Kousky on Wednesday, 11 July 2012 in Uncategorized

So, what is risk? What does it mean? Risk can be defined as the possibility that bad, unplanned or unexpected things happen. The word usually implies, after the fact, that something could have been done about the risk to prevent the bad outcome. In many of the most disastrous events there were clear warnings and a multitude of actions that should have been taken.

Risks can be mitigated. Risky activities can be reduced and safeguards can be implemented. Why then do we continue to see disastrous events in the papers that could have been avoided? Simply put, Western societies seem to have forgotten about risk. We ended the twentieth century with a growing belief that all of the critical issues of the world had been solved: resources would be efficiently allocated through free competitive markets, and social issues resolved by the universal adoption of democratic practices. This myopia took fifty years to develop and will likely take more than a decade to change, and in the meantime many organizations don't have the resources to manage risk effectively.

So, where do we start? We believe risk management should become a routine, automated process. Identify and develop a few fundamental steps that define your risk management strategy. Keep it simple at the beginning so you can measure and mitigate effectively, and develop a more detailed plan as you learn and identify more risks.

Steps in a simple risk management strategy:

  1. Identify the potential risks. List all of the different scenarios that could potentially go wrong.
  2. Develop a measurement tool to gauge the impact and severity of each risk. Ask yourself what the probability of the risk occurring is and what its impact would be.
  3. Develop alternative solutions to the various risk scenarios. Identify the possible ways to mitigate each risk while measuring their effectiveness against budget restrictions.
  4. Determine the remediation solutions to be used and implement them. Allocate the needed resources and obtain management buy-in.
  5. Continuously monitor results. Develop a monitoring schedule; you must check frequently to ensure your plan is working. Identify any needed changes or updates based on your threat and risk assessment criteria.
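As an added example, not code from the original post, here is a small Python risk register that carries steps 1 to 4 through in working code: it scores each risk as annual probability times loss per occurrence, ranks the register, and then picks the safeguards that buy the most expected-loss reduction per unit of budget, rejecting any that do not pay for themselves. The risks, figures and mitigations are constructed for illustration, and the scoring model and greedy selection are assumptions of the example, not a method the post prescribes.

```python
"""Quantitative risk register: score, rank, and choose safeguards within a budget.

Added example, not from the original post.  Every risk, figure and mitigation
below is constructed for illustration; the scoring model (annual probability
times loss per occurrence) and the greedy selection are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # assumed scale: annual likelihood of occurrence, 0..1
    impact: float       # assumed scale: loss per occurrence, in currency units

    def expected_loss(self) -> float:
        """Step 2: annualised expected loss = probability x impact."""
        return self.probability * self.impact


@dataclass(frozen=True)
class Mitigation:
    name: str
    risk: str              # name of the Risk it addresses
    cost: float            # annual cost of the safeguard (assumed > 0)
    loss_reduction: float  # fraction of the risk's expected loss it removes, 0..1


def rank_risks(risks):
    """Step 2: order the register by expected loss, highest first."""
    return sorted(risks, key=lambda r: r.expected_loss(), reverse=True)


def reduction(risk, mitigation):
    """Expected loss removed per year if this mitigation is applied to this risk."""
    return risk.expected_loss() * mitigation.loss_reduction


def select_mitigations(risks, mitigations, budget):
    """Steps 3 and 4: greedy choice by expected-loss reduction per unit cost.

    A mitigation is taken only if it fits the remaining budget, pays for itself
    (reduction strictly greater than cost) and its risk is not already covered.
    One safeguard per risk is a simplifying assumption of this example.
    Returns (chosen mitigations, unspent budget).
    """
    by_name = {r.name: r for r in risks}
    candidates = [m for m in mitigations if m.risk in by_name]

    def value_per_cost(m):
        return float("inf") if m.cost <= 0 else reduction(by_name[m.risk], m) / m.cost

    chosen, covered, remaining = [], set(), budget
    for m in sorted(candidates, key=value_per_cost, reverse=True):
        r = by_name[m.risk]
        if m.risk in covered or m.cost > remaining or reduction(r, m) <= m.cost:
            continue
        chosen.append(m)
        covered.add(m.risk)
        remaining -= m.cost
    return chosen, remaining


def residual_expected_loss(risks, chosen):
    """Annual expected loss that remains after the chosen safeguards are applied."""
    by_name = {r.name: r for r in risks}
    total = sum(r.expected_loss() for r in risks)
    return total - sum(reduction(by_name[m.risk], m) for m in chosen)


def sample_risks():
    # Step 1: constructed scenarios; the probabilities and impacts are invented.
    return [
        Risk("ransomware on the file server", 0.30, 200_000),
        Risk("lost unencrypted laptop", 0.50, 40_000),
        Risk("DDoS against the public website", 0.20, 50_000),
        Risk("office flood", 0.02, 300_000),
    ]


def sample_mitigations():
    # Step 3: constructed alternatives with invented costs and effectiveness.
    return [
        Mitigation("offline backups", "ransomware on the file server", 15_000, 0.6),
        Mitigation("EDR on all endpoints", "ransomware on the file server", 40_000, 0.8),
        Mitigation("full-disk encryption", "lost unencrypted laptop", 5_000, 0.9),
        Mitigation("DDoS scrubbing service", "DDoS against the public website", 12_000, 0.9),
        Mitigation("flood insurance", "office flood", 4_000, 1.0),
    ]


if __name__ == "__main__":
    risks = sample_risks()
    for r in rank_risks(risks):
        print(f"{r.expected_loss():>10,.0f}  {r.name}")
    chosen, left = select_mitigations(risks, sample_mitigations(), budget=30_000)
    print("chosen:", [m.name for m in chosen], "unspent:", left)
    print("residual expected loss:", residual_expected_loss(risks, chosen))
```

With the constructed register and a budget of 30,000, the greedy pass takes full-disk encryption, offline backups and flood insurance, skips the DDoS scrubbing service because its cost exceeds the loss it would remove, and never reaches EDR because the ransomware risk is already covered; annual expected loss drops from 96,000 to 36,000 with 6,000 of budget unspent. Step 5 is simply re-running this with updated probabilities and costs on the monitoring schedule.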
