Risk management defines a systematic approach for minimizing
exposure to potential losses. It includes the following three core
• assess risk—transform the concerns people have into distinct,
tangible risks that are explicitly documented and analyzed
• plan for controlling risk—determine an approach for addressing
each risk; produce a plan for implementing the approach
• control risk—deal with each risk by implementing its defined
control plan and tracking the plan to completion
Reference: Page 63
Two distinct risk analysis approaches can be used when evaluating systems
1. Tactical risk analysis
2. Mission risk analysis
Reference: Page 13
From the tactical perspective, risk is defined as the probability that an event will lead to a negative consequence or loss.
Reference: Page 14
From the mission perspective, risk is defined as the probability of mission failure (i.e., not achieving key objectives).
Reference: Page 15
Author(s): Christopher J. Alberts, Audrey J. Dorofee
Publish Date: February 2012
Publisher: Software Engineering Institute
SEI Identifier: CMU/SEI-2012-TN-005
Type: Technical Note
Topics: Cybersecurity Engineering, Measurement and Analysis
Description: In this report, the authors describe the Mission Risk Diagnostic (MRD) method, which is used to assess risk in systems across the lifecycle and supply chain.
Note to Management:
Risk Management doesn’t mean just filling excel templates with some numbers.
Assessor need to have complete depth of knowledge in Risk Management and need to work with respective stock holders. Then only we can protect systems properly by mitigating Risk.
Risk Assessment Template