Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures (safeguards or controls), if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.
* Avoid: Choose not to implement certain activities or processes that would incur risk.
* Mitigate: Lessen the probability or impact of the risk by defining, implementing and monitoring appropriate controls.
* Transfer: Share risk with partners or transfer it via insurance coverage or contractual agreement.
* Accept: Formally acknowledge the existence of the risk and monitor it.