Risk management is the process of identifying potential risks, analyzing them, and take precautionary steps to mitigate those risks. To understand risk management better, you must know about the following terms:
- Threat: that might cause harm like software compliance, human error, environmental factors, infrastructure issues, intellectual property, and human error etc.
- Vulnerability: a weakness that can be exploited
- Impact: degree of damage to an asset of an organization
So, risk is the possibility that a threat exploits a vulnerability leading to an adverse impact. These risks, or threats could arise from various sources including legal liabilities, human errors, strategic management errors, financial uncertainties, and natural disasters etc. Risk management strategies have become a top priority among IT companies to mitigate the risks related to Human Resource, Finance, Infrastructure, Network & IT security, intellectual property, and Customer’s Personal Identifiable Information (PII).
Risk management process contains steps which includes:
- Risk Identification
- Risk Analysis
- Risk Assessment and Evaluation
- Risk Mitigation
- Risk Monitoring
ISO Guide 73:2009 is the vocabulary widely used for risk management, and provides definitions of generic terms related to risk management.