Risk management is the process of minimizing risks by a combination of organizing and planning the use of the organization's activities assets in a manner which minimizes or controls risk in some way. Risk analysis is used as a tool to give management the ability to make informed risk management decisions. Risk management includes the process of assessing risks, deploying either solutions to minimize risk or accept the risk, and providing contingency plans for the cases when threats materialize. Risk management is applied at many points of time during the life of a system. A system is the entire encompassing set of resources that are required to provide a specific business functionality. The system may include:
- The computer systems required to run or use the system.
- The network required to connect the computers involved.
- The computer software required to run the system especially including the application software.
- The systems that back up data.
- The people that run and/or use the system.
- The buildings the system resides in.
Risk Management Process
The risk management process includes the risk assessment process and the concluding steps required to mitigate, transfer, or accept risk. Beyond that, risk management includes a repeat and re-evaluation of the process to keep risk managed and the mitigation activities effective and current.