
Understanding Risk - A 5-step risk management strategy

Posted on July 19th by Ken Kousky in Security Blog.

So, what is risk? What does it mean? We can define risk as the possibility that bad, unplanned or unexpected things happen. The word implies, most often after the fact, that something could have been done about the “risk” to prevent the bad things. In many of the most disastrous events, there were clear warnings and a multitude of actions that should have been taken.

Risks can be mitigated. Risky activities can be reduced and safeguards can be implemented. Why then do we continue to see disastrous events in the papers that could have been avoided? Simply put, Western societies seem to have forgotten about risk. We ended the twentieth century with a growing belief that all of the critical issues of the world had been solved. Resources would be efficiently allocated through free competitive markets and social issues resolved by the universal adoption of democratic practices. But this myopia, which took fifty years to develop, will likely take more than a decade to change, and many organizations don’t have the resources to manage it effectively.

So, where do we start? We believe it should become an automated process. Identify and develop some key fundamental steps to help define your risk management strategy. Keep it simple at the beginning so you can measure and mitigate effectively and develop a more detailed plan as you learn and identify more risks.

Steps in a simple risk management strategy:

  1. Identify the potential risks. List all of the different scenarios that could potentially go wrong.
  2. Develop a measurement tool to gauge the impact and severity of the risk. Ask yourself what is the probability of the risk happening and what is the impact.
  3. Develop alternative solutions to the various risk scenarios. Identify the possible ways to mitigate the risk while measuring the effectiveness and budget restrictions.
  4. Determine the remediation solutions to be used and implement them. Allocate the needed resources and obtain management buy-in.
  5. Continuously monitor results. Develop a monitoring schedule. You must check frequently to ensure your plan is working. Identify any needed changes or updates based on threat and risk assessment criteria.
