In the Name of ALLAH,
the Most Beneficent the Most Merciful
Topic:
Risk & Risk Controlling
Presented By:
Daniyal Khan (0047)
Information Security Management
Risk
A situation involving exposure to danger or uncertainty of profit/loss is called Risk.
Types of risk control
There are four types of risk control.
1) Accept Risk
2) Mitigate Risk
3) Eliminate Risk
4) Transfer Risk
Accept Risk
The stakeholders who are responsible for a risk can choose to accept a risk. For example, the risk that a project may fail may be accepted if the project is of planned importance.
Risk management may include an approval process for risk acceptance.
Mitigate Risk
Actions are taken to reduce risk to an acceptable level. For example, the organization assigns a top-performing project management team to a project to reduce the risk that it will fail.
Secondary Risk
When you mitigate risks, it's important to consider secondary risks. Secondary risks are the risks that are caused by your risk mitigation efforts.
If you reduce a security risk by applying an update to software, there's a risk that the update itself contains security vulnerabilities. In some cases, mitigation activities are higher risk than the risk they reduce.
Eliminate Risk
A risk may be reduced to zero. Normally the only way to achieve this is to stop the activity that generates the risk. For example, selling a risky investment will eliminate the risks associated with that investment.
Transfer Risk
A risk may be transferred to another organization or individual. For example, fire insurance transfers the risk of asset damage due to fire.