Risk management -- Principles and guidelines
Number of Pages: 24
|Edition: 1 (Monolingual)||ICS: 03.100.01|
|Status: Under development||Stage: 50.20 (2009-05-25)|
|TC/SC: TMB||Target publication date: 2009-06-30|
From Wikipedia, the free encyclopedia
|This article appears to contain a large number of buzzwords. Please help rewrite this article to make it more concrete and meaningful.|
|This article contains instructions, advice, or how-to content. The purpose of Wikipedia is to present facts, not to train. Please help improve this article either by rewriting the how-to content or by moving it to Wikiversity or Wikibooks.|
Risk Management is the identification, assessment, and prioritization of risksfollowed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
For the most part, these methodologies consist of the following elements, performed, more or less, in the following order.
- identify, characterize, and assess threats
- assess the vulnerability of critical assets to specific threats
- determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
- identify ways to reduce those risks
- prioritize risk reduction measures based on a strategy
The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.