Risk Management

Question 1

Definition of risk management:

Answer 1

Risk management refers to the process of identifying, assessing, and acting on potential risks. It is an ongoing process designed to reduce the risk level and keep it at an acceptable level.

Key points:

1. there are three steps
   - step one: identify the risk
   - step two: assess the identified risk
   - step three: act on the assessment of the identified risk (i.e. do something to lower the potential risk based on your assessment)

Question 2

The objectives of risk management:

Answer 2

• identify potential risks
• identify the impact of those risks
• create a risk management strategy and plan
• assign priorities to risks
• control the level of risk
• develop strategies to mitigate long-term risk

Question 3

The steps to take when conducting risk management:

Answer 3

1. Identification:
   Become aware of the potential risk(s)

• Ermin didn’t say this, but I’m assuming you should have systems in place that allow you to properly identify these risks

2. Assessment:
   Assess the actual danger that the risk may present and prioritize it accordingly

“What is the likelihood that the the threat which the risk represents will actualize?”
-Ermin

3. Treatment:
   Actions taken by you, your company, or whoever else is conducting the risk management in order to mitigate identified risks

• “treatment is a live process, it’s not something you do once and let go afterwards”
• in order to properly treat a risk, one of the first things you have to do is discover an appropriate method that will most efficiently lower that particular risk (Instituting a policy, etc).
• when conducting a treatment, you will need to create a cost/value calculation so that you can properly note whether or not a risk is worth the price it would cost to lower or eliminate.
• in terms of creating a cost/value calculation, you’ll have to factor in the likelihood of whatever particular method you’ve chosen actually succeeding.
• After conducting a treatment, it’s generally a very good idea to measure the success of the particular treatment which was used, and you do so by > tracking and reviewing < it (our next step).

4. Tracking and Review:
   After treating a risk and assuming that it has been mitigated or eliminated, you must continue to track whether or not the threat made present from this risk has been actualized, and whether or not the policy (or other treatment method) you’ve put into place has properly reduced this particular risk.

• You must review this continuously to see if you can improve something, reduce the cost, etc.
• Even if everything w/in your system remains entirely static and unchanged, you must still review your instituted policies and potential risks. New technologies pop up at an excessive rate and people are always coming up w/ new creative ways of ganKing up your steeze. A measure you put in place just two weeks ago may now be compromised and must be revised. SpOoky.
  Or, new technologies may have come about that you can implement in place of your older measures for a lower cost.

So, best to just keep a healthy degree of paranoia and skepticism (preferably w/out stressing yourself out too much. Take care of yourself. Stop playing so many videogames. Come home, your mother and I are very worried).