Risk management is the process of determining the likelihood and impact of potential threats to an organization's operations, assets, individuals, and national security. Information assurance (IA) risk management employs a similar process to achieve and maintain an acceptable level of IA risk. The risk management process involves background planning, asset analysis, threat analysis, vulnerability analysis, risk identification, risk analysis, risk treatment, and monitoring risk. It is integrated with other management practices like budgeting, business planning, and internal auditing.

1. INFORMATION ASSURANCE
RISK MANAGEMENT
JOEL C. FABILLARAN, MIT

2. WHAT IS RISK MANAGEMENT?

3. RISK MANAGEMENT
 Risk Management is the process of determining
the extent to which an entity is threatened; that
is, determining the likelihood of potential adverse
circumstances or events and the resulting harm to
or impact on organizational operations,
organizational assets, individuals, other
organizations, and the nation.

4. WHAT IS IA RISK MANAGEMENT?

5. IA RISK MANAGEMENT
 Information Assurance (IA) Risk Management is a
process employed by an organization to achieve and
maintain an acceptable level of IA risk. It provides a
framework for decision-makers to continuously
evaluate and prioritize IA risks to accept or
recommend strategies to remediate or mitigate
those risks to an acceptable level.

6. RISK MANAGEMENT PROCESS

7. RISK MANAGEMENT PROCESS
 BACKGROUND PLANNING
 ASSET ANALYSIS
 THREAT ANALYSIS
 VULNERABILITY ANALYSIS
 RISK IDENTIFICATION
 RISK ANALYSIS
 RISK TREATMENT
 MONITORING RISK

8. INTEGRATION WITH OTHER
MANAGEMENT PRACTICES
 Budgeting
 Business Planning
 Internal Audit
 Periodic Reporting