Risk Management Study Guide - jwells24/Tech-Journal GitHub Wiki

Risk Management Study Guide

  • This tech journal entry will be dedicated to creating a study guide for risk management based on three different sources that we examined this week.

Risk Management Strategies

  • An important part of what we looked at in the slides was how to actually deal with the risks we find. Some of the strategies for managing risk include:
  1. Risk Acceptance - If the cost of fixing a risk outweighs the possible damages caused by that risk, then it is acceptable to let the risk remain. If the probability is low and the damages are low, then the risk might be worth overlooking for now so that effort can go to higher-risk problems.

  2. Risk Avoidance - Risk avoidance/deterrence involves adding deterrents to risks when fixing the risk outright is impossible or not a reasonable task. Examples of risk deterrents include security guards and audits.

  3. Risk Transference - Transferring risk is the process of removing liability from oneself in case the risk is realized. This can be done with insurance and outsourcing.

  4. Risk Mitigation - Mitigation involves implementing security controls and safeguards to actually prevent the risk or reduce the damages that might be caused if the risk is realized.

Qualitative vs. Quantitative Risk Assessments

  • Qualitative risk assessments focus more on scenario-based risks and involve figuring out the priority and likelihood of risks and ranking them without an in-depth cost analysis. Quantitative risk assessments focus more on cost analysis: dollar amounts are placed on the costs of dealing with or fixing risks in order to make decisions.

  • A common tool used in assessments is a risk register, which lists all of the risks that an organization faces. A risk register can be used in both types of assessment and contains the identified risks, the severity of each risk, the responses, and the status of mitigation.
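As an added worked example (not code from this wiki or from the CompTIA material), the following Python script builds a small risk register that scores each entry both qualitatively (a severity label derived from probability and damage) and quantitatively (expected loss in dollars), ranks the register, and applies the acceptance rule from the strategies section: if the control costs more than the expected damages, the risk is accepted, otherwise it is mitigated. The expected-loss formula (probability x damage), the severity thresholds, and the sample entries are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One row of a risk register: identified risk, estimates, response, status."""
    name: str
    probability: float    # likelihood the risk is realized in the period (0.0 to 1.0)
    damage: float         # estimated loss in dollars if the risk is realized
    fix_cost: float       # cost of the control that would mitigate the risk
    response: str = ""    # strategy recorded once it has been decided
    status: str = "open"  # mitigation status tracked in the register

    def expected_loss(self) -> float:
        # Quantitative view (assumption): expected loss = probability x damage.
        return self.probability * self.damage

    def severity(self) -> str:
        # Qualitative view: rank by likelihood and possible damage without a full
        # cost analysis. The thresholds are constructed for this example.
        high_prob = self.probability >= 0.25
        high_dmg = self.damage >= 50_000
        if high_prob and high_dmg:
            return "high"
        if high_prob or high_dmg:
            return "medium"
        return "low"


def recommend_strategy(risk: Risk) -> str:
    # Risk acceptance: if fixing costs more than the expected damages, let it remain.
    # Otherwise mitigate with a control. Transference and avoidance are judgment
    # calls the numbers alone do not decide, so they are not chosen automatically.
    if risk.fix_cost > risk.expected_loss():
        return "accept"
    return "mitigate"


def prioritize(register: list[Risk]) -> list[Risk]:
    # Order the register so the largest expected loss is dealt with first.
    return sorted(register, key=lambda r: r.expected_loss(), reverse=True)


# Constructed sample register; the figures are made up for the example.
SAMPLE_REGISTER = [
    Risk("Ransomware on file server", probability=0.30, damage=200_000, fix_cost=25_000),
    Risk("Lost unencrypted laptop", probability=0.10, damage=40_000, fix_cost=3_000),
    Risk("Office flood", probability=0.01, damage=500_000, fix_cost=60_000),
]

for risk in prioritize(SAMPLE_REGISTER):
    risk.response = recommend_strategy(risk)
    print(f"{risk.name:28} {risk.severity():6} "
          f"expected loss ${risk.expected_loss():>9,.0f} -> {risk.response}")
```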

Summary of CompTIA Reading

  • The reading of the Risk Management chapter in the CompTIA book outlines the risk management process in a very linear way and provides context for some of the terms we got from the slides. For example, the reading describes the beginning of a risk assessment as identifying risks and determining risk factors. Then we move toward cost analysis and mitigation of risks. The book also presents the risk management strategies that I listed above from the slides as the final step: determining which risk management strategy is correct in your situation.

  • I also want to quickly highlight the order of events in a risk assessment as outlined in the book.

  1. Identify Risks
  2. Analyze Risks & Calculate Risk
  3. Determine Risk Management Strategies
  4. Mitigate Risks

Summary of Objective 5.4 in CompTIA Security+

  • Objective 5.4 outlines everything about the risk management process and adds to what we learned from the slides and the CompTIA reading. One thing right at the beginning that stands out to me is the difference between internal and external risk. External risk factors are things that the organization has limited control over, such as the stock market, third parties, and natural disasters. Internal risks are things that fall inside the organization's control, such as resources, organizational structure, and strategy.

  • Objective 5.4 then moves into defining a risk assessment and some information about asset identification. Asset identification is the process of determining the worth of an asset based on different factors, such as depreciation of asset value over time, the amount of revenue generated by the asset, and exposure factor. After this section, objective 5.4 moves on to the different types of risk that we talked about above.

  • The article then moves on to risk mitigation strategies, risk registers, and other things that I covered above. It wraps up with some of the possible disasters that your company could face, both internal and external, and what the most common solution would be. In conclusion, this reading provides a lot of information on risk assessments, risk analysis, risk mitigation, and everything else involving risk management. It covers the complete process, from start to finish, of performing risk assessments and managing risk in general.