The primary goal of risk management is to reduce the risk to an acceptable level.
You develop and implement information security strategies.
Managing risk is a key element of sustaining a secure environment.
→ It’s impossible to design and deploy a risk-free system, but minimizing risk is often pretty easy.
The process includes:
Is any action or system that reduces risk through lessening threats or eliminating a vulnerability.
Is a dollar value assigned to an asset. It represents all costs ranging from development, advertisement, support, replacement to elusive values such as industry support, productivity enhancement, etc.
Exposure is the state in which we are vulnerable.
It’s the possibility of a threat, which could be exploited. In quantitative risk analysis, the exposure factor (EF) value estimates how serious the harm might be. This is how we measure exposure.
Risk is the possibility that something could damage, destroy, or disclose data.
The more likely a threat event is to happen, the greater the risk.
When a risk is realized, someone has taken advantage of a vulnerability. The purpose of security is to prevent this.