SecPlusTrainer / Glossary / What is risk management?
D1 · General

What is risk management?

Risk management: Identify risks → Analyze (likelihood × impact) → Treat (accept/transfer/avoid/mitigate) → Monitor and Review. Document in risk register.
Treatment options: Avoid (eliminate the risky activity), Mitigate (reduce likelihood/impact with controls), Transfer (insurance, contracts), Accept (document and acknowledge). No treatment = negligence. Risk management is an ongoing process — risks change as the environment changes.

Related Terms

What is an access token in security? What is an account lockout policy? What is Active Directory (AD)? What is Active Directory Certificate Services (AD CS)?
← Back to Glossary Practice Questions →