You have just finished your work, prepared a hot cup of coffee, and decided to finish a new room on your favourite cyber security training platform. Now you want to enjoy your coffee while completing the room’s tasks; however, you pause momentarily and think, “What if the coffee spills on your desk and gets on your keyboard?” You can consider one of the following:
- Enjoy your coffee first, then finish a few more tasks. This way, you ensure that there is no way that coffee would get inside your keyboard.
- Drink your coffee while doing new tasks. No matter how small, there is a chance that your coffee mug might spill and your keyboard would need to be serviced (or replaced).
- You decide you cannot work without coffee, so you visit a nearby computer store and get yourself a keyboard protector or even a spill-resistant keyboard. This way, any coffee spill won’t cause any damage.
Every activity entails some level of risk. In layperson’s terms, risk is the possibility that something unwanted or harmful might happen due to an action or event. This thought process does not require any formal study of risk management. However, all three routes explored above can be valid responses to a risk; in this case, the risk of spilling liquid on your keyboard.
- If you decide not to bring coffee anywhere near your desk, that would be risk avoidance.
- Drinking coffee while working with full knowledge of the risk would fall under risk acceptance.
- Finally, upgrading your keyboard would be risk reduction.
Responses to risk will be explored and discussed in detail in a later section; however, we hope that this example from everyday life encourages you to learn more about risk management formally.
We will revisit this in more detail; however, risk management is a process of identifying, assessing, and responding to risks associated with a particular situation or activity. In Information Systems, risk management deals with threats to a computer system and its resources.
Room Prerequisites
This room has no strict prerequisites; however, studying it along with the Security Governance and Regulation and Threat Modelling rooms would be helpful.
Learning Objectives
By the end of this room, you will have learned about the following:
- Vulnerability, Threat, and Risk
- Information Systems Risk Management
- Risk Management Process: Frame, Assess, Respond, and Monitor
- Deciding how to respond to a risk
You have registered to attend a local workshop about offensive cyber security tools. The workshop requires the attendees to bring their own laptops. This workshop is critical for you, and you want to get the most out of it. Your laptop is good and reliable; however, as with any electronic device, there is always a chance, no matter how minuscule, that something might go wrong and it would fail.
You decide to carry an extra laptop; if your main laptop fails, the second laptop will be ready. What would you call this response to risk?
You think your laptop has never failed before, and the chances of failing now are too slim. You decide not to take any extra actions. What do you call this response to risk?
