Every Step of the Way.
Risk Management is simply the process of managing risks based on your organisation’s security appetite. The process includes the assessment of people, processes and technologies that can potentially impact security. A risk register and plan are developed through risk (threat) identification, evaluation and prioritisation, and the development of mitigation controls (accept, reduce, transfer).
Risk Treatment Plan
The Risk Treatment Plan is built from the results of the assessment and contains the actions recommended to improve ineffective controls. Each Risk Treatment is mapped to relevant risks; as risk treatments are completed, the effectiveness of the control improves, which in turn reduces the likelihood of the mapped risks occurring.