2. RISK MANAGEMENT MUHAMMAD SHOAIB SIDDIQUE 07 MCT 31
3. People think of risk as a blind approach
7. RISK MANAGEMENT
- The discipline of identifying, monitoring and limiting risks.
8. WHERE DO THEY COME FROM??
9. accidents
10. Natural causes
11. deliberate attacks from an adversary.
12. RISK SECTORS..
13. IN BUSINESS..
- To manage uncertainty and threats
- Motivate people to follow procedures
- To ensure conformance with risk-management policies.
14. PUBLIC SECTOR..
- To identify and mitigate risk to critical infrastructure.
15. What could we do about it??
16. You are response-able: able to choose your response! Be proactive in recognizing risk
17. Begin with the end in mind
19. Put first things first
20. The key to time management is not to prioritize what's on your schedule but to schedule your priorities
21. Think Win/win
22. Strategies
- Transferring the risk to another party
- Reducing the negative effect of the risk
- Accepting some or all of the consequences of a particular
risk.
23. Traditional Risk Management Programs
- Natural Disasters or Fires
24. Establishing The Context
- Mapping out the following:
  - the social scope of risk management
  - the identity and objectives of stakeholders
  - the basis upon which risks will be evaluated, constraints.
25. RISK Assessment & Problems
- Their potential severity of loss and to the probability of occurrence.
- several theories and attempts to quantify risks
- determining the rate of occurrence
- evaluating the severity of the consequences
- difficult for immaterial assets.
27. Potential Risk Treatments
- Transfer (outsource or insure)
- Retention (accept and budget)
28. Creating A Risk-management Plan
- The risk management plan should propose
  - Applicable and effective security controls for managing the risks.
  - A schedule for control implementation and responsible persons for those actions.
- An observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software.
30.
- Initial risk management plans will never be perfect.
- They will necessitate changes in the plan.
- Contribute information to allow possible different decisions when dealing with the risks being faced.
31. WHY Upgrading PLANs
- Previously selected security controls are NO More applicable and effective.
- Due to possible risk level changes in the business environment.
- information risks are a good example of a rapidly changing business environment.
34.
- If risks are improperly assessed and prioritized.
- Time can be wasted in dealing with risk of losses that are not likely to occur.
- Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably.
- Prioritizing too highly the risk management processes could keep an organization from ever completing a project or even getting started.
- Time wasting until the risk management process is considered complete.
- It is also important to keep in mind the distinction between Risk and Uncertainty.
35. Then WHAT???
- If the risk is unlikely enough to occur it may be better to
simply retain the risk and deal with the result if the loss does in
fact occur.