2: Risk Management - FlameSpyro/Tech-Journal GitHub Wiki

Risk Management Strategies

Acceptance

The first strategy is accepting the fact that there is indeed risk, or holes, within a company's existing system. The issue is that some companies don't jump on the opportunity to protect against potential risk because the cost may not seem worth it to them. Accepting that the risk exists and doubling down on protection is extremely worthwhile when protecting data.

Avoidance

This is simply the act of finding a workaround. It could be as simple as googling a more popular alternative piece of software that is more protective or cheaper overall. One sub-category is risk deterrence, which is the implementation of measures that turn away people who could cause risk. An example would be the hospital example, where the server rooms are guarded by a security camera showing the person that they are being recorded.

Transference

The process of spreading or transferring the impact of risk to other sources or branches. This can be done by outsourcing to insurance companies or to other services such as cloud providers or DDoS prevention services.

Mitigation

This involves implementing safeguards to prevent any damage from happening in the first place. To be really effective with this, it's best to pick higher-end or popular software. This includes firewalls, GPOs, and access control.

Ignoring and rejection

A very negative way to tackle risk management is to block yourself off from any risk that could potentially exist. The reality is that any system is going to have some risk elements to it, and you need to acknowledge that these risks can be improved upon.

It's important to decide which kinds of strategies need to be used depending on the scenario.

Qualitative

A much more scenario-based analysis. It addresses risk on a scale of the most risk, cost, and effect on the company rather than the actual monetary cost of the situation. The methods that come with this include storyboards, surveys, and many other kinds of data collection.

Quantitative

This is the opposite of qualitative analysis, where the focus is on the real monetary value of the risk being assessed. This is done through methods such as inventorying assets and collecting data to calculate the losses over a certain period of time.

Risk Registering

A spreadsheet that inventories all of the identified risks to an organization or system, giving an overall view of risk and where to take action from there.

Inherent Risk

The risk that exists in an environment by default. It can be caused by the structure of a system, the developer's vision, and the overall knowledge of the company.

Residual Risk

This is the risk that remains after the implementation of a security system, where a workaround or existing factor is still present. However, instead of tackling this problem head-on, the heads of the company choose to accept it.

Total Risk

The calculated amount of risk that would exist if there were no countermeasures or any security whatsoever.
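To make the qualitative scoring, the quantitative loss calculation, the risk register, and the total-versus-residual split concrete, here is an added worked example in Python. It is not from this wiki: the register rows and every number in them are constructed, and the loss formula used (single loss expectancy = asset value x exposure factor, annualised loss expectancy = SLE x annual rate of occurrence) is the standard textbook quantitative method, assumed here rather than stated on the page.

```python
"""Small risk register: qualitative score, quantitative annual loss,
and total vs residual risk once a control is applied.

Added example for these notes, not taken from the wiki. The formulas
(likelihood x impact for the qualitative score; SLE = asset value x
exposure factor and ALE = SLE x ARO for the annualised loss) are the
standard textbook approach and are assumed here. All sample data is
constructed and illustrative only.
"""
from dataclasses import dataclass
import csv
import io


@dataclass
class Risk:
    name: str
    likelihood: int          # qualitative scale 1 (rare) .. 5 (almost certain)
    impact: int              # qualitative scale 1 (minor) .. 5 (severe)
    asset_value: float       # monetary value of the asset at risk
    exposure_factor: float   # fraction of the asset lost per incident, 0..1
    aro: float               # annual rate of occurrence (incidents per year)
    control: str = "none"
    control_cost: float = 0.0        # yearly cost of the chosen safeguard
    control_reduction: float = 0.0   # fraction of the ALE the safeguard removes, 0..1

    def qualitative_score(self) -> int:
        """Scenario-based score used to rank risks without money figures."""
        return self.likelihood * self.impact

    def sle(self) -> float:
        """Single loss expectancy: the loss from one incident."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss with no countermeasures at all (total risk)."""
        return self.sle() * self.aro

    def residual_ale(self) -> float:
        """Loss still expected with the control in place (residual risk)."""
        return self.ale() * (1.0 - self.control_reduction)

    def control_worth_it(self) -> bool:
        """Mitigation pays off when the loss it prevents exceeds its yearly cost;
        otherwise the cheaper strategy is to accept the residual risk."""
        return (self.ale() - self.residual_ale()) > self.control_cost


# Constructed sample register; names, values and controls are illustrative only.
SAMPLE_RISKS = [
    Risk("Server room unauthorised entry", 2, 5, 200_000, 0.5, 0.2,
         control="security camera + signage", control_cost=3_000, control_reduction=0.6),
    Risk("DDoS on public web service", 4, 3, 120_000, 0.25, 2.0,
         control="DDoS prevention service", control_cost=15_000, control_reduction=0.9),
    Risk("Misconfigured GPO exposes shares", 3, 4, 80_000, 0.4, 0.5,
         control="GPO review + access control", control_cost=2_000, control_reduction=0.7),
    Risk("Lost or stolen staff laptop", 2, 2, 5_000, 1.0, 0.5,
         control="tracking/remote-wipe subscription", control_cost=4_000, control_reduction=0.5),
]


def total_risk(risks) -> float:
    """Sum of annual losses with no security whatsoever."""
    return sum(r.ale() for r in risks)


def residual_risk(risks) -> float:
    """Sum of annual losses that remain after every listed control is applied."""
    return sum(r.residual_ale() for r in risks)


def rank_register(risks):
    """Highest qualitative score first; ties broken by the larger annual loss."""
    return sorted(risks, key=lambda r: (r.qualitative_score(), r.ale()), reverse=True)


def register_csv(risks) -> str:
    """Render the register as CSV text, i.e. the spreadsheet view of the risks."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["risk", "qual_score", "SLE", "ALE", "control", "residual_ALE", "worth_it"])
    for r in rank_register(risks):
        writer.writerow([r.name, r.qualitative_score(), f"{r.sle():.0f}", f"{r.ale():.0f}",
                         r.control, f"{r.residual_ale():.0f}", r.control_worth_it()])
    return buf.getvalue()


if __name__ == "__main__":
    print(register_csv(SAMPLE_RISKS))
    print(f"total risk (no controls): {total_risk(SAMPLE_RISKS):,.0f} per year")
    print(f"residual risk (with controls): {residual_risk(SAMPLE_RISKS):,.0f} per year")
```

Running the script prints the ranked register followed by the total and residual figures. The `worth_it` column is where the strategy choice falls out of the numbers: the laptop row's control costs more per year than the loss it prevents, so the register points at acceptance for that one and mitigation for the rest.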

Risk-Management-Framework