Risk Management

Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).

Instruction

The Risk Management Process

The risk management process consists of three stages:

  • Risk analysis/assessment. This stage is designed to inventory or identify risks and to classify them. Within the first stage, each identified risk event is recorded and examined to determine its likelihood, the current value of the asset, and the vulnerability exposure.

  • Risk response. The risk response stage requires the planning of processes and procedures to address each risk item identified in the first stage. These processes and procedures are typically called controls.

  • Evaluating and monitoring the implemented controls. This stage requires the organization to document, review and make continuous improvements or changes to manage risk.

Figure 2 – The risk management process