What is a risk mitigation plan?

process for addressing risks

This post originally appeared on Quora in response to the question 'What is a risk mitigation plan?' Link What is a risk mitigation plan The risk mitigation plan is a series of specific actions or steps you will take in response to a risk once you have completed your risk assessment.  However, before you start … Continue reading What is a risk mitigation plan?

Convincing people to take risks

This post first appeared on Quora in response to the question 'How do you convince people to take a risk in a company?' Link. How do you convince people to take a risk in a company? Firstly, I don’t think we should ever push people to take risks that 1) they are uncomfortable with and 2) … Continue reading Convincing people to take risks

10 Tips For Crisis Management

I have been thinking about effective crisis management a lot recently and am working on a more in-depth piece on managing a crisis which I hope to publish soon.  However, crises don't wait until we are properly prepared before they strike so I put together this quick set of suggestions as a stop-gap. Normally, I wouldn't … Continue reading 10 Tips For Crisis Management

A KISS Approach to Enterprise Security Risk Management

Enterprise security risk management (ESRM) has been a topic of increasing interest for security managers over the past few years, and ASIS International has identified it as a strategic focus. But a review of the literature, beginning with the 2010 CSO roundtable paper on ESRM, raises two issues that could make ESRM implementation difficult. First, … Continue reading A KISS Approach to Enterprise Security Risk Management

Integrating a Risk Management System into Your Organization

Integrating a risk management system into your department or organization will be a major endeavor and while there are significant benefits to making this change, the degree of effort required should not be underestimated. Moreover, the overall workload of the organization and other major initiatives that might also be underway are major considerations when planning … Continue reading Integrating a Risk Management System into Your Organization

WDYMB…Address Risks?

Once an organization’s risks are understood, it is important that appropriate action is taken to address these risks to ensure that the organization's objectives are protected or enhanced. Some risks are severe enough to require immediate action. Others can be dealt with in the short term whereas some risks require longer-term attention over months or … Continue reading WDYMB…Address Risks?

Risk assessments grading and metrics

risk assessment grading

When we are conducting a risk assessment, we need a way to assess, grade and order risks to allow us to use this information for decision-making and to prioritize our actions. This article outlines some basic techniques that can be used for risk assessment grading and matrics.  These basic examples lay the foundation for more complex sets of metrics … Continue reading Risk assessments grading and metrics

The risk assessment process – how to conduct a risk assessment

The risk assessment lies at the core of risk management.  Without a clear understanding of the risks faced, none of the other risk management activities can be undertaken meaning that the organization will remain reactive instead of being able to take proactive steps informed by risk-based decision making.  However, risk assessments have the potential to become hugely … Continue reading The risk assessment process – how to conduct a risk assessment