Risk Management

Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).

Instruction

Risk Management Benefits and Motivation

Besides identifying the risks facing an organization, a risk management program enables the organization to assess the impact risks can have on organization-wide performance and processes. Therefore, risk management not only provides risk evaluation, but can identify whether adequate controls are in place to mitigate risks effectively. The real benefit and motivation come down to cost. The process is designed to identify the optimal level of security at the minimum cost. It typically comes down to the cost of the countermeasure versus the cost of the security failure.

Figure 3 – Cost versus security level trade-off


At point A, the cost of security failure is high, while the level of security assurance is low. At point B, too much money is being spent to provide security assurance. At point D, the cost of security failures is equal to the cost of the security measures. Point D is optimal since the costs of both failures and security measures are minimized and security assurance is maximized.
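
The trade-off in the figure can be worked through with numbers. The following is an added example, not part of the original course page: it uses the standard formulas SLE = asset value × exposure factor and ALE = SLE × ARO to price security failures at several spending levels, then finds the level where failure cost and control cost meet (point D). The asset value, exposure factor, level names, control costs and ARO values are all constructed sample figures.

```python
# Added illustration; every figure below is a constructed sample value.
from dataclasses import dataclass

ASSET_VALUE = 500_000      # assumed value of the asset at risk
EXPOSURE_FACTOR = 0.4      # assumed fraction of that value lost per incident

@dataclass
class Level:
    name: str                    # hypothetical security level label
    annual_control_cost: float   # yearly spend on countermeasures at this level
    aro: float                   # annual rate of occurrence remaining at this level

LEVELS = [
    Level("none", 0, 1.0),           # left side of the figure (like point A)
    Level("basic", 20_000, 0.5),
    Level("moderate", 40_000, 0.2),
    Level("high", 90_000, 0.1),
    Level("maximum", 180_000, 0.05), # right side of the figure (like point B)
]

def sle(asset_value, exposure_factor):
    """Single loss expectancy = asset value x exposure factor."""
    return round(asset_value * exposure_factor, 2)

def ale(single_loss, aro):
    """Annual loss expectancy = SLE x ARO."""
    return round(single_loss * aro, 2)

def evaluate(levels):
    """Price the cost of security failure (ALE) against control cost per level."""
    single_loss = sle(ASSET_VALUE, EXPOSURE_FACTOR)
    rows = []
    for lv in levels:
        failure_cost = ale(single_loss, lv.aro)
        rows.append({"name": lv.name, "control_cost": lv.annual_control_cost,
                     "failure_cost": failure_cost,
                     "total": lv.annual_control_cost + failure_cost,
                     "gap": abs(failure_cost - lv.annual_control_cost)})
    return rows

def balance_point(rows):
    """Level where failure cost and control cost are closest (point D)."""
    return min(rows, key=lambda r: r["gap"])

if __name__ == "__main__":
    table = evaluate(LEVELS)
    for r in table:
        print(f'{r["name"]:<9} control={r["control_cost"]:>9,.0f} '
              f'failure={r["failure_cost"]:>9,.0f} total={r["total"]:>9,.0f}')
    print("balance point:", balance_point(table)["name"])
```

With these sample figures the "moderate" level is the balance point: control cost and failure cost are both 40,000, and the combined annual cost of 80,000 is lower than at any other level.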