sponsored by ComputerWeekly.com
Posted: 24 Oct 2011
Published: 25 Nov 2010
Format: PDF
Length: 48 Page(s)
Type: White Paper
Language: English

This Technical Standard provides a taxonomy describing the factors that drive risk – their definitions and relationships. This Technical Standard is not a reference or tutorial on how to assess or analyze risk, as there are many such references already available. This Technical Standard also does not cover those elements of risk management that pertain to strategic and tactical risk decisions and execution.

In the overall context of risk management, it is important to appreciate that our business objective in performing risk assessments is to identify and estimate levels of exposure to the likelihood of loss, so that business managers can make informed business decisions on how to manage those risks of loss – either by accepting each risk, or by mitigating it – through investing in appropriate internal protective measures judged sufficient to lower the potential loss to an acceptable level, or by investing in external indemnity. Critical to enabling good business decision-making therefore is to use risk assessment methods which give objective, meaningful, consistent results.

Fundamental to risk assessments is a sound approach: You can't effectively and consistently manage what you can't measure, and you can't measure what you haven't defined. The problem here is that a variety of definitions do exist, but the risk management community has not yet adopted a consistent definition for even the most fundamental terms in its vocabulary; e.g., threat, vulnerability, even risk itself. Without a sound common understanding of what risk is, what the factors are that drive risk, and a standard use of the terms we use to describe it, we can't be effective in delivering meaningful, comparable risk assessment results. This Risk Taxonomy provides the necessary foundation vocabulary, based on a fundamental analysis of what risk is, and then shows how to apply it to produce the objective, meaningful, and consistent results that business managers need.

Risk Assessment | Risk Management | Security | Security Best Practices
