Risk management

Simple steps to effectively manage Risk!

Risk management comprises of four basic components namely: risk framing, risk assessment, risk response, and risk monitoring. Each of these four components is interrelated with communication flowing through them. Risk management is a process that must be entrenched in the entire organization; from the system owners, administrators, developers, planners and managers and organization management. The top management reviews risk is a strategic level. They define the ecosystem in which risk-based decisions are determined, set the risk management process and develop the framework or risk management strategy.

Framing the risk

Framing the risk includes determining the likelihood or possibility of a vulnerability threat could affect the organizations and the consequences that would occur because of the risk. Constraints are the issues that restrict risk assessment at the organization level while tolerances are possible occurrences whose consequences are acceptable. Risk priorities are isolated events that must be protected against. Organizations prioritize risks acceptance of system based on the level of importance, or mission functions to the core business. As such, systems must have lowers risk tolerance and high-risk priority.

Risk assessment

This step creates a clear risk picture for the organization. It highlights threats directed to organization, internal and external vulnerabilities and the
consequences that occur when organization exploits a given vulnerability. In risk assessment phase, the likelihood of harm occurring is calculated. Organization determines components of risk assessment strategy such as tools, techniques, methodologies, constraints and assumptions to risk assessment and define the responsibilities for various positions in the risk management.

Risk response

This phase determines how an organization reacts to an identified risk. This phase is very crucial as it provides an organizational, consistent response that effectively addresses the risk frame. Risk response is a detailed plan that details a course of action, alternative courses of action evaluation, selecting appropriate course(s) of action and implementing the selected course of action.

Risk monitoring

Finally, the organization has to determine how it monitors risk over time. Risk monitoring validates if the risk plan has implemented the intended planned risk response.  Information security plans are derived from traceable mission or business functions.  It reviews the effectiveness of the current risk responses plan and determine if environmental changes can affect organizational risk profile.   Risk monitoring plans can be changed from time to time. Changes in risk management necessary for updates in organizations risk assessment, risk response and risk frame components.