
2. RISK MANAGEMENT MUHAMMAD SHOAIB SIDDIQUE 07 MCT 31 3. People think of risk as a blind approach 4. 5. 6. 7. RISK MANAGEMENT

  • The discipline of identifying, monitoring and limiting risks.

8. WHERE DO THEY COME FROM?? 9. accidents 10. Natural causes 11. deliberate attacks from an adversary. 12. RISK SECTORS..

  • Business.
  • Public sector.
          • etc

13. IN BUSINESS..

  • To manage uncertainty and threats
  • Motivate people to follow procedures
  • To ensure conformance with risk-management policies.

14. PUBLIC SECTOR..

  • To identify and mitigate risk to critical infrastructure.

15. What could we do about it?? 16. You are response-able: able to choose your response! Be proactive in recognizing risk 17. Begin with the end in mind 18. 19. Put first things first 20. The key to time management is not to prioritize what's on your schedule but to schedule your priorities 21. Think Win/win 22. Strategies

  • Transferring the risk to another party
  • Avoiding the risk
  • Reducing the negative effect of the risk
  • Accepting some or all of the consequences of a particular risk.

23. Traditional Risk Management Programs

  • Health Risk Assessment
  • Natural Disasters or Fires
  • Accidents
  • Ergonomics
  • Death and Lawsuits
  • Financial Risks

24. Establishing The Context

  • Identification
  • Planning
  • Mapping out the following:
    • the social scope of risk management
    • the identity and objectives of stakeholders
    • the basis upon which risks will be evaluated, constraints.
  • Defining a framework
  • Developing an analysis
  • Mitigation

25. RISK Assessment & Problems

  • Risks are assessed as to their potential severity of loss and their probability of occurrence.
  • Several theories and attempts to quantify risks
          • determining the rate of occurrence
          • evaluating the severity of the consequences
          • difficult for immaterial assets.

26. 27. Potential Risk Treatments

  • Avoidance (eliminate)
  • Reduction (mitigate)
  • Transfer (outsource or insure)
  • Retention (accept and budget)

28. Creating A Risk-management Plan

  • The risk management plan should propose
      • Applicable and effective security controls for managing the risks.
  • A schedule for control implementation and responsible persons for those actions.
  • Example
      • An observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software.

29. 30.

  • Initial risk management plans will never be perfect.
  • Factors:
        • Practice
        • Experience
        • Actual loss results.
      • They will necessitate changes in the plan.
      • Contribute information to allow possible different decisions when dealing with the risks being faced.

31. WHY Upgrading PLANs

  • Previously selected security controls are NO More applicable and effective.
  • Due to possible risk level changes in the business environment.
      • Example:
      • Information risks are a good example of a rapidly changing business environment.

32. 33. 34.

  • If risks are improperly assessed and prioritized.
    • Time can be wasted in dealing with risk of losses that are not likely to occur.
    • Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably.
    • Prioritizing the risk management processes too highly could keep an organization from ever completing a project or even getting started.
    • Time wasting until the risk management process is considered complete.
  • It is also important to keep in mind the distinction between Risk and Uncertainty.

35. Then WHAT???

  • Unlikely events do occur
  • If a risk is sufficiently unlikely to occur, it may be better to simply retain the risk and deal with the result if the loss does in fact occur.

36.