Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

Could any one define the Risk Management Process?

user-image
Question ajoutée par Sarfaraz Chougule , Consultant and Trainer , Consultant
Date de publication: 2014/02/07
Ahmed Montasser Hasan Ibraheem Farag
par Ahmed Montasser Hasan Ibraheem Farag , Project Manager , Rawafed Tech

Risk planning

Risk identification

Risk quantitative

Risk qualitative

Risk response

Wasim Khalil Mustafa Ali PMP®
par Wasim Khalil Mustafa Ali PMP® , Consultant , Malomatia

Identify, assess, plan and implement

Shereef K. Abbas
par Shereef K. Abbas , Information Security Manager , Electronic Documents Centre LLC

Assalamu AlaikumIt's a very broad subject Mr. Sarfaraz. At the basic level, Risk management is a comprehensive process that includes:

 

1.    Defining the scope - within which risks must be identified, assessed, responded and monitored

 

2.    Assess the risk - Risks within the scope are assessed and classified according to their impacts. You can use different ‘methodologies’ for Risk Assessment and they follow two approaches:1.    Quantitative2.    Qualitative(refer to ‘Guide for Conducting Risk Assessments’2.3.2)

 

3.    Risk Response - There are four ways to respond to an assessed risk

1.    Treat -  the risk by implementing necessary controls

2.    Terminate – whatever that’s causing the risk because the other three options are not feasible

3.    Transfer – the risk to a third party. e.g., Insurance Companies

4.    Tolerate – the risk; move on doing nothing about it, hoping of the best.

 

4.    Monitor - the risk so that they have less chance of materializing or that you are prepared if they do. In Risk Management philosophy risk is only mitigated never eliminated. So, even after you ‘treat’ a risk, ‘Residual Risk’ may remain.

 

Please use the following links. They are bit dry, but excellent sources of information. They are also adopted worldwide for Information & IT Security

Managing Information Security Risk http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf

Guide for Conducting Risk Assessmentshttp://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

Guide for Applying the Risk Management Framework to Federal Information Systemshttp://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf

http://www.southwales-fire.gov.uk/English/aboutus/fireservicepublications/Documents/Risk%20Management%20Guidelines.pdf

Hope this helps. Good Luck.

 

regards,

Shereef

More Questions Like This