
Understanding Risk - A 5-step risk management strategy


Posted on July 19th, by Ken Kousky in Security Blog.

So, what is risk? What does it mean? We can define risk as the possibility that bad, unplanned or unexpected things happen. Most often the word is used after the fact, implying that something could have been done about the "risk" to prevent the bad outcome. In many of the most disastrous events there were clear warnings and a multitude of actions that should have been taken.

Risks can be mitigated: risky activities can be reduced and safeguards can be implemented. Why, then, do we continue to read about disastrous events that could have been avoided? Simply put, Western societies seem to have forgotten how to think about risk. We ended the twentieth century with a growing belief that all of the critical issues of the world had been solved: resources would be efficiently allocated through free, competitive markets, and social issues resolved by the universal adoption of democratic practices. This myopia took fifty years to develop and will likely take more than a decade to reverse, and many organizations lack the resources to manage risk effectively in the meantime.

So, where do we start? We believe risk management should become an automatic, routine process rather than a one-off exercise. Identify a few fundamental steps to define your risk management strategy. Keep it simple at the beginning so you can measure and mitigate effectively, then develop a more detailed plan as you learn and identify more risks.

Steps in a simple risk management strategy:

  1. Identify the potential risks. List all of the different scenarios that could go wrong.
  2. Develop a measurement tool to gauge the severity of each risk. For every scenario, ask what the probability of it happening is and what the impact would be; the combination of the two is the risk rating used to prioritize.
  3. Develop alternative solutions to the various risk scenarios: identify the possible ways to mitigate each risk, and measure each option's effectiveness against its cost and your budget constraints.
  4. Determine which remediation solutions will be used and implement them. Allocate the needed resources and obtain management buy-in.
  5. Continuously monitor results. Develop a monitoring schedule and check frequently that your plan is working. Identify any needed changes or updates based on your threat and risk assessment criteria.
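To make steps 2 through 4 concrete, here is a small risk register that scores each scenario as probability multiplied by impact, ranks the register, and then picks mitigations within a fixed budget by the risk reduction bought per unit of cost. This is an added example, not code or a method from the original post; the five-point scales, the sample scenarios, the costs and residual ratings, and the greedy one-mitigation-per-risk selection rule are all assumptions for illustration. Real programs would use their own scales and a richer selection process, but the structure (score, rank, choose under budget, re-score) is what the steps above describe.

```python
"""Minimal risk register for steps 2-4 of the post.

Added example, not part of the original post. Scales, scenarios,
costs, residual ratings and the selection rule are assumptions.
"""
from dataclasses import dataclass, field

# Assumed five-point qualitative scales (step 2: the measurement tool).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Mitigation:
    """One candidate safeguard (step 3) with an assumed cost and residual rating."""
    name: str
    cost: int                # assumed budget units
    likelihood_after: str    # assumed likelihood once the safeguard is in place
    impact_after: str        # assumed impact once the safeguard is in place


@dataclass
class Risk:
    """One scenario from step 1 with its current rating and candidate safeguards."""
    scenario: str
    likelihood: str
    impact: str
    options: list = field(default_factory=list)

    def score(self, likelihood=None, impact=None) -> int:
        """Probability x impact; pass residual ratings to score a mitigated state."""
        return LIKELIHOOD[likelihood or self.likelihood] * IMPACT[impact or self.impact]


def rank(register):
    """Step 2: highest-rated scenarios first."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


def select_mitigations(register, budget):
    """Steps 3-4: greedily buy the option with the best reduction per cost that still fits.

    Assumes at most one mitigation per scenario. Returns (chosen, unspent budget).
    """
    chosen = {}
    remaining = budget
    candidates = [(r, m) for r in register for m in r.options]
    while True:
        best = None
        for r, m in candidates:
            if r.scenario in chosen or m.cost > remaining:
                continue
            reduction = r.score() - r.score(m.likelihood_after, m.impact_after)
            if reduction <= 0:
                continue
            ratio = reduction / m.cost
            if best is None or ratio > best[0]:
                best = (ratio, r, m)
        if best is None:
            break
        _, r, m = best
        chosen[r.scenario] = m.name
        remaining -= m.cost
    return chosen, remaining


# Constructed sample register (scenarios, ratings and costs are illustrative).
REGISTER = [
    Risk("Ransomware via phishing", "likely", "severe", [
        Mitigation("MFA + mail filtering", 20, "possible", "severe"),
        Mitigation("Offline backups + tested restore", 15, "likely", "moderate"),
    ]),
    Risk("Unpatched internet-facing VPN", "possible", "major", [
        Mitigation("Patch SLA + external scan", 10, "unlikely", "major"),
    ]),
    Risk("Lost laptop, disk unencrypted", "possible", "moderate", [
        Mitigation("Full-disk encryption", 5, "possible", "negligible"),
    ]),
]

if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{r.score():>3}  {r.scenario}")
    chosen, left = select_mitigations(REGISTER, budget=30)
    print(chosen, "unspent:", left)
```

Ranking the sample register puts ransomware first (4 x 5 = 20), then the VPN (3 x 4 = 12), then the laptop (3 x 3 = 9). With a budget of 30 the selection buys full-disk encryption first because it removes 6 points for 5 units, then the backup option (8 points for 15) ahead of MFA (5 points for 20), then the patch SLA with what is left. Step 5 is the loop around this: re-rate the register on the monitoring schedule and run the selection again as ratings and budgets change.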






