Risk Controlling in ISM
In the Name of ALLAH,
the Most Beneficent the Most Merciful
Topic: Risk & Risk Controlling
Presented By: Daniyal Khan (0047)
Information Security Management
Risk
A situation involving exposure to danger or uncertainty of profit or loss is called risk.
Types of risk control
There are four types of risk control:
1) Accept Risk
2) Mitigate Risk
3) Eliminate Risk
4) Transfer Risk
Accept Risk
The stakeholders who are responsible for a risk can choose to accept a risk. For example, the risk that a project may fail may be accepted if the project is of planned importance.
Risk management may include an approval process for risk acceptance.
Mitigate Risk
Actions are taken to reduce risk to an acceptable level. For example, the organization assigns a top performing project management team to a project to reduce the risk that it will fail.
Secondary Risk
When you mitigate risks, it's important to consider secondary risks. Secondary risks are the risks that are caused by your risk mitigation efforts.
If you reduce a security risk by applying an update to software, there's a risk that the update itself contains security vulnerabilities. In some cases, mitigation activities carry higher risk than the risk they reduce.
Eliminate Risk
A risk may be reduced to zero. Normally the only way to achieve this is to stop the activity that generates the risk. For example, selling a risky investment will eliminate the risks associated with that investment.
Transfer Risk
A risk may be transferred to another organization or individual. For example, fire insurance transfers the risk of asset damage due to fire.