noun: risk management
– the method used to mitigate or prevent accidental or intentional loss to an organization.
-Risk management is the process of predicting, measuring and controlling the impact of harm to an organization by identifying the threats to identified vulnerabilities and then limiting mitigating vulnerabilities.
-The process of identifying, analyzing and then either acceptance or mitigation of uncertainty in decision-making.
CNSSI 4009 is describes risk management as, adapted
“The program and supporting processes to manage
information security risk to organizational operations
(including mission, functions, image, reputation),
organizational assets, individuals, other organizations,
and the Nation, and includes: (i) establishing the context
for risk-related activities; (ii) assessing risk; (iii)
responding to risk once determined; and (iv) monitoring
risk over time.”
More risk management descriptions in ISO 31000:2009, Risk management – Principles and guidelines, NIST SP 800-39, Managing Information Security Risk, NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems