|
The overall risk management process comprises four primary phases: Assessing
Risk, Conducting Decision Support, Implementing Controls, and Measuring Program
Effectiveness. The risk management process illustrates how a formal program
provides a consistent path for organizing limited resources to manage risk
across an organization. The benefits are realized by developing a cost-effective
control environment that drives and measures risk to an acceptable level.
The Assessing Risk phase represents a formal process to identify and
prioritize risks across the organization. The Microsoft security risk management
process provides detailed direction on performing risk assessments and breaks
down the process in the Assessing Risk phase into the following three steps:
- Planning — Building the foundation for a successful risk
assessment.
- Facilitated data gathering — Collecting risk information through
facilitated risk discussions.
- Risk prioritization — Ranking identified risks in a consistent
and repeatable process.
The output of the Assessing Risk phase is a prioritized list of risks that
provide the inputs to the Conducting Decision Support phase, which Chapter 5,
"Conducting Decision Support," addresses in detail.
The following diagram provides a review of the overall risk management
process and demonstrates the role of risk assessment in the larger program. The
three steps within the Assessing Risk phase are also highlighted.
|
Call Now : 800-519-
2267
|
Testimonials
|
If you're serious about getting certified,
this is the place to go. Definitely worth
their competitive price. Excellent
instructors, making it possible for anyone
to learn no matter what your level of
experience or knowledge.
Michael Doty
|
 |
|
No Prestudy