Risk Management

Risk management transforms the duty to protect into decisions about what to protect, selects among risk acceptance, transfer, avoidance, and mitigation, and, for risk mitigation approaches, attempts to match the surety of mitigation with the desired risk reduction.

Risks are generally formed from the combination of threats, vulnerabilities, and consequences. Threats, including nature and accidents as well as individual actors and groups, possibly acting in concert, exploit sequences of vulnerabilities to induce consequences.

Risk management is the process enterprises use to turn the duty to protect into decisions about what to protect and to what extent. It leads to the executive security management function, which is tasked with carrying out the duty to protect the things that should be protected, to the extent appropriate to the need as identified by risk management.

For more details and in-depth coverage of these issues, download and read "Enterprise Information Protection".