Risk Controlling: Definition Types Accept Risk Mitigate Risk Eliminate Risk Transfer Risk

1. In the Name of ALLAH,
the Most Beneficent the Most Merciful

2. 
Topic:
Risk & Risk Controlling
Presented By:
Daniyal Khan (0047)
Information Security Management

3. 
A situation involving exposure of
danger or uncertainty of
profit/loss is called Risk.
Risk

4. 
There are four types of risk control.
1) Accept Risk
2) Mitigate Risk
3) Eliminate Risk
4) Transfer Risk
Types of risk control

5. 
The stakeholders who are responsible for a risk
can choose to accept a risk. For example, the
risk that a project may fail may be accepted if
the project is of planned importance.
Risk management may include an approval
process for risk acceptance.
Accept Risk

6. 
Actions are taken to reduce risk to an
acceptable level. For example, the
organization assigns a top performing
project management team to a project to
reduce the risk that it will fail.
Mitigate Risk

7. 
When you mitigate risks it's important to
consider secondary risks. Secondary risks are
the risks that are caused by your risk mitigation
efforts.
If you reduce a security risk by applying an
update to software there's a risk that the update
itself contains security vulnerabilities. In some
cases, mitigation activities are higher risk than
the risk they reduce.
Secondary Risk

8. 
A risk may be reduced to zero. Normally
the only way to achieve this is to stop the
activity that generates the risk. For
example, selling a risky investment will
eliminate the risks associated with that
investment.
Eliminate Risk

9. 
A risk may be transferred to another
organization or individual. For
example, fire insurance transfers the
risk of asset damage due to fire.
Transfer Risk

10. 