Risk management systems are an integral part of running any business: they identify and handle the risks that a company may face in the course of its growth. There are strategies to tackle risks and avoid failures, and it is possible to anticipate the threats that may surface in the future. The idea is to detect problems before they erupt, and in doing so many tools and methods come into play across the whole process of risk management.

Risk management gives companies the much-needed time to rectify any errors and take precautionary steps before disaster strikes. Many steps are involved in achieving this ultimate goal: identifying risks, analyzing them, reviewing the degree to which they may occur, understanding risks and how to react to them, and using methods to stop the risk from surfacing. The information technology revolution has completely changed the way companies work, how governments operate and the manner in which national defense is conducted. These systems need to be protected at all costs from threats by hackers, corporate raiders, spies, and criminals, each with a vested motive and interest in challenging the technology for political and monetary gains.

Security risk management studies suggest that risk is a fundamental metric in security management. Nothing is ever certain in business, and how large a risk is depends on the possibility that an unwanted event will happen and have a certain impact on the business. Appropriate controls therefore need to be put in the right places to help contain this impact and protect the business. Trying to do away with all business-related risks is never a sound business decision when analyzed from the point of view of costs. Security risk management is in sync with the way business executives make decisions because it allows security managers to communicate in a way that makes sense to decision makers. Using risk management tools also helps security personnel stay in touch with business goals instead of simply concentrating on destroying any threat as soon as it raises its ugly head.

On the other hand, decision makers may get too used to accepting threats and might even try to make a business case justifying their need to protect against some development that might not have happened yet. Security risk reduction is basically guesswork and can never be measured accurately, since the impact of what will happen in the future depends on certain variables that are themselves dependent on unknown motives and resources operating from unknown locations at unknown times. Assessing a risk is not only difficult but also not too effective, since the quantitative costs pertaining to an incident cannot be accurately determined. Moreover, a risk assessment made on one day may produce quite different results when performed the following day, because risks are known to evolve over a period of time.