Risk Management

Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).


The principle of risk includes three ideas: it examines an event, and then combines that event's probability with its potential impact. When examining risk, two questions are always asked: what is the probability that a particular event will occur, and what negative impact would the event have if it actually occurred? Risk is measured by combining the answers to these two questions. A high-risk event has both a high probability of occurring and a significant negative impact if it does occur. The measurement of risk must always be focused on the future.

Lesson Objectives

By the end of this lesson, you will be able to:

  1. Explain the purpose of risk management.

  2. Discuss the impact of the Target Corporation data breach.

  3. Demonstrate the ability to incorporate risk management principles and best practices into an organization-wide plan.

  4. Explain the methods of managing risks.

  5. Perform a quantitative risk assessment analysis.

  6. Perform a qualitative risk assessment analysis.

Source: National Information Security and Geospatial Technologies Consortium (NISGTC), https://www.edjet.com/scorm-content/edjet-prod-uploads/1bbb6bd2940fd96497953e96a7011e315c141cf3/771aacefbe2ed9e16b17173a36b691df/story_content/WebObjects/6MLNkf2prXH/lesson02/index.html
This work is licensed under a Creative Commons Attribution 3.0 License.