The Process of Risk Management


Chapter One
1. In your own words, what is risk management?

Risk management is the process that a company goes through to define its organizational assets, threats and vulnerabilities and to devise ways to protect those assets. According to Roper, the importance of risk management as a single function for an organization is becoming more and more understood within the upper levels of business management (Roper, 1999). Additionally, CEOs, COOs and CFOs worldwide know that every decision will have pros and cons that will carry some degree of risk (“Risk Management”, n.d.).

According to the Best Practices website, “Effective risk management delivers far-reaching benefits to all organizations and allows them to keep the business profitable and the organization running.” The benefits of risk management include:

• Better basis for strategy setting
• Improved service delivery
• Greater competitive advantage
• Less time spent fire-fighting and fewer unwelcome surprises
• Increased likelihood of change initiatives being achieved
• Closer internal focus on doing the right things properly
• More efficient use of resources
• Reduced waste and fraud, and better value for money
• Improved innovation
• Better management of contingent and maintenance activities.

Today there are several strategies and templates available to help businesses execute risk management at an organizational level. The security professional is also being tasked with acquiring the skills of a risk manager, and this is adding new levels to the job.

2. Risk Management is said to be a systems approach. What are the advantages of using a systems approach in the risk management process?

The need for an organization to protect its assets is critical to the organization’s survival. A “...

... middle of paper ...

...tion process. In the security field there are many consultants and consultation companies that will provide this kind of service. Even in organizations that have an in-house security expert, periodic assessments from an outside auditor are often recommended. Regardless of the source, periodic assessments must be made and, in turn, the security manager must be prepared to use all available resources to create a proactive and reactive defense strategy. Because a variety of automated and non-automated methods are employed, the security manager needs to stay current on the known and emerging threats and countermeasures if he expects to be prepared to protect organizational interests. Continuing education, research and periodic risk assessments will all play a part in the success of a comprehensive information security package and effective management practices.
