Risk: the possibility of something bad happening
Risk score = probability x impact
Eg: a flood is likely only in the rainy season, so its probability (and therefore its score) changes with the season
Risk management process: identification > analysis > quantification > treatment
Concept of risk owner: the person accountable for a risk and for deciding how it is treated
Treatment options: avoid, transfer, mitigate, accept
Enterprise risk management (ERM)
Hierarchy: ERM > business risk > IT risk > information security risk (each level is a subset of the one above it)
Risk score: two ways to rate it
Qualitative method
1. High
2. Medium
3. Low
(ordinal labels, quick to apply, relies on judgement; rating usually read from a probability x impact matrix)
Quantitative method
1. Scale of 1 to 10 for probability and for impact; score = product (1 to 100)
2. Takes more time and data to do quantitative analysis
Caveat: a 1-10 scale is still a ranking; fully quantitative analysis expresses impact and probability in money and frequency (eg annualised loss expectancy = single loss expectancy x annual rate of occurrence)
Sample risk register

Risk                   Owner     Probability  Impact  Risk rating
Customer data breach   business  high         high    High
Employee laptop lost   HR        low          high    Medium
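A small working risk register, added here as an example and not part of the original notes: it scores probability x impact both ways (qualitative matrix lookup and 1-10 quantitative product), records a risk owner and one of the four treatment options per risk, and reproduces the sample register above. The matrix cells, the score-to-level thresholds and the treatments chosen for the two sample risks are assumptions for illustration.

```python
"""Minimal risk register: qualitative (low/medium/high) and quantitative (1-10)
scoring of probability x impact, plus owner and treatment per risk.

Added example, not from the original notes. Matrix cells and thresholds are
assumptions chosen so the sample register rates high/high -> High and
low/high -> Medium."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# The four treatment options from the notes.
TREATMENTS = ("avoid", "transfer", "mitigate", "accept")

# Qualitative 3x3 matrix, (probability, impact) -> rating. Assumed cell values;
# deliberately not symmetric: high impact weighs more than high probability.
QUALITATIVE_MATRIX = {
    (Level.LOW, Level.LOW): Level.LOW,
    (Level.LOW, Level.MEDIUM): Level.LOW,
    (Level.LOW, Level.HIGH): Level.MEDIUM,
    (Level.MEDIUM, Level.LOW): Level.LOW,
    (Level.MEDIUM, Level.MEDIUM): Level.MEDIUM,
    (Level.MEDIUM, Level.HIGH): Level.HIGH,
    (Level.HIGH, Level.LOW): Level.MEDIUM,
    (Level.HIGH, Level.MEDIUM): Level.HIGH,
    (Level.HIGH, Level.HIGH): Level.HIGH,
}


def qualitative_rating(probability: Level, impact: Level) -> Level:
    """Qualitative method: read the rating off the matrix."""
    return QUALITATIVE_MATRIX[(Level(probability), Level(impact))]


def quantitative_score(probability: int, impact: int) -> int:
    """Quantitative method: probability x impact on 1-10 scales (1 to 100)."""
    for name, value in (("probability", probability), ("impact", impact)):
        if not 1 <= value <= 10:
            raise ValueError(f"{name} must be on a 1-10 scale, got {value}")
    return probability * impact


def score_to_level(score: int) -> Level:
    """Bucket a 1-100 score into low/medium/high (thresholds are assumed)."""
    if score <= 20:
        return Level.LOW
    if score <= 50:
        return Level.MEDIUM
    return Level.HIGH


@dataclass
class Risk:
    name: str
    owner: str          # risk owner accountable for the treatment decision
    probability: Level
    impact: Level
    treatment: str      # one of TREATMENTS

    def __post_init__(self) -> None:
        if self.treatment not in TREATMENTS:
            raise ValueError(f"treatment must be one of {TREATMENTS}")

    @property
    def rating(self) -> Level:
        return qualitative_rating(self.probability, self.impact)


def build_register(risks: list) -> list:
    """Register rows sorted highest rating first, for the owners to review."""
    ordered = sorted(risks, key=lambda r: r.rating, reverse=True)
    return [
        {"risk": r.name, "owner": r.owner,
         "probability": r.probability.name.lower(),
         "impact": r.impact.name.lower(),
         "rating": r.rating.name.lower(),
         "treatment": r.treatment}
        for r in ordered
    ]


# Constructed sample input: the two rows of the notes' register
# (treatments are assumed for illustration).
SAMPLE_RISKS = [
    Risk("Employee laptop lost", "HR", Level.LOW, Level.HIGH, "mitigate"),
    Risk("Customer data breach", "business", Level.HIGH, Level.HIGH, "mitigate"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(row)
```

Running the block prints the register with the data breach first (rating high) and the lost laptop second (rating medium). Swapping the matrix cells or the thresholds is where an organisation encodes its own appetite; the point of keeping them in one table is that the rating for every risk changes consistently when that appetite changes.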